News of the Texas fertilizer plant explosion joins the Boston Marathon bombing as the hook for spam and web-delivered malware.
Online source code repository SourceForge is being abused to distribute malware. Cybercriminals expand their target set in stock trading: security researchers at Group-IB find malware targeting trading tools QUIK and FOCUS IVonline. The software under attack is used mainly on Russian and Ukrainian exchanges, but it touches securities firms trading in other countries as well.
FireEye has continued to study Operation Beebus (attributed to Comment Crew, itself generally regarded as an element of China's People's Liberation Army) and concludes that the campaign is intended to steal drone technology.
Apple has updated Safari to give users more control over Java in the browser.
Ponemon finds consumer attitudes toward security and identity management shifting: passwords are widely regarded as inconvenient and are disliked (which is not news), and consumers appear ready to welcome more biometrics (which is news).
SC Magazine runs a brief and nicely organized discussion of the structure of a cyber attack, which the author (Dell SonicWall's Andrew Walker-Brown) divides into six steps: (1) Reconnaissance, (2) Enumeration, (3) Penetration and Access, (4) Privilege Escalation, (5) Access Maintenance, and (6) Covering Tracks.
Seeking an apparent upgrade to its secure mobile networks, the US Defense Intelligence Agency has issued a request for information from companies who can "work and store classified information at the SECRET Collateral Level" and design "cellular phone point-to-point communication systems."
CISPA passed the US House of Representatives yesterday.