Adobe patches Flash again as two new exploits are discovered in the wild. Kaspersky reports finding the HackingTeam's DaVinci lawful intercept product installed via a Flash Player vulnerability. FireEye reports the LadyBoyle espionage tool is also exploiting Flash.
As financial institutions swiftly and effectively upgrade defenses, spearphishing has, as we've noted, displaced more sophisticated attacks against banks. Help Net Security profiles one of the more effective spearphishing crews, a Chinese hacking gang called "Comment Group" because it deploys malicious payloads in website comment sections.
Yahoo receives harsh criticism for directing small-business clients to SiteBuilder, a free website-building tool that uses an out-of-date and vulnerable version of Java. Last week's Facebook redirecting error spooks security analysts: some see it as foreshadowing a new class of hacks that exploit transitive trust issues.
Yesterday Microsoft addressed fifty-seven vulnerabilities in twelve bulletins (five critical)—fixes to Internet Explorer and Windows Kernel driver win32k.sys are the most significant.
Several reports on critical infrastructure protection trends appear. Machine-to-machine links are opening new vulnerabilities. And augmented reality? Another new field for bad actors.
Britain is spending a lot on cyber security (and industry has certainly benefited) but apparently not enough to satisfy authors of a National Audit Report, who see the UK as decades behind the threat. US Federal budget sequestration looks likelier; Senate Republicans see it as a near certainty.
T. Rowe Price opposes Dell's leveraged buyout.
US President Obama signed an executive order on threat information sharing yesterday; another cyber executive order is expected today.