Cyber criminals continue con games that cruelly exploit people's horrified reactions to the Boston Marathon bombing. US-CERT summarizes them, and the SANS Institute publishes valuable updates of malicious sites and terms caught in spam traps.
Seculert finds malware in the wild— "Magic"—that may represent the first phase of a broader campaign. Its functionality, which could extend to establishing backdoors, data theft, HTML injection, and installing other malicious files, is apparently not yet in use, and the malware's purpose remains unclear.
The most commonly used home wireless routers are shown vulnerable to exploits that place attackers inside local firewalls.
Krebs traces SWATting attacks to identity theft sites.
Prolexic reports that distributed denial-of-service attacks show dramatically increased bandwidth capacity (and incidentally casts doubt on claims that last month's Spamhaus attack was the largest DDOS incident ever).
Quartz writer Kevin Ashton demonstrates the ease with which one can create a plausible, authenticated, and entirely fictitious Internet persona. Following DISA's famous "Robin Sage" (mother of all catfish), Ashton creates "Santiago Swallow," wins Twitter's blue checkmark of authenticity, and gains 80,000 followers before the gaff is finally blown.
Microsoft's Security and Intelligence Report notes the decline of worms and the rise of Web threats; it also finds that about 25% of all computers lack basic security software.
Venture capital shows a general contraction through the first quarter.
SANS offers a new tool for assessing cyber talent. Trusteer makes some very large claims for its Apex security solution: it "blocks 100% of previously unknown malware."