More trouble for Adobe Reader, as FireEye finds infected PDFs in the wild. The malware bypasses mitigations through return-oriented programming and baffles sandbox analysis reports through fake app export table entries pointing to invalid memory locations. (Sophos examines infected PDFs and offers a detailed account of their malicious functionality.) Adobe issued another advisory late yesterday telling users to avoid trouble by enabling the protected view in Reader, which Adobe says can be done by going to Preferences, selecting Security (Enhanced) and then checking either "Files from potentially unsafe locations" or "All files."
An iOS 6.1 security flaw is exposed. An Android app developer says he's discovered that Google Play reveals user data to developers. A Flickr bug takes private photos public.
Jawbone reports it's been hacked, with user accounts compromised. Chinese users of OS X experience a spike in attacks.
Telecommunications Denial of Service (TDoS) is now available as a service on the black market. MIT's Technology Review notes with alarm the growth of a "malware-industrial complex" that serves the US military: malware is likely to prove far more difficult to contain than other military technologies. (The US Department of Defense yesterday announced a Distinguished Warfare Medal for cyber and drone operations.)
The US National Institute for Standards and Technology (NIST) solicits comments on its draft Electronic Authentication Guideline, set to supersede NIST Special Publication 800-63-1.
US President Obama's cyber executive order will share classified threat information with critical infrastructure operators. It will also expedite security clearances in selected industries.