Kaspersky makes more research into Careto ("the Mask") available.
Rapid7 warns that Android's OS remains susceptible to an old remote code execution vulnerability: it had been thought successfully patched, but the fix now appears less successful than hoped. Kaspersky's list of malicious Android apps tops 10,000,000.
An Adobe Flash zero-day has been found infecting the websites of prominent foreign policy study centers. This suggests a watering-hole campaign in progress. Adobe has issued a quick patch.
Tripwire reports twenty of Amazon's top twenty-five bestselling SOHO routers have security vulnerabilities: exploits for many are publicly available.
The University of Maryland discloses it was hacked, with some 300,000 records compromised. Universities are attractive targets for cyber criminals: they hold large databases of personal information, they generate and retain considerable intellectual property, and their large number of young, inexperienced users affords a complex and difficult-to-control attack surface.
Forbes publishes an interesting timeline of the Syrian Electronic Army attack it sustained. The SEA's social engineering was particularly effective.
Hacktivism continues to rise, and market research firm Ovum tells banks they should brace for a heavy wave of DDoS attacks this year. Cyber criminals are also exacting a heavy toll on the financial sector: the cost of cleaning up an episode is particularly daunting, as we're seeing with the ripples from the Target breach.
Banks increasingly turn to more sophisticated identity management and authentication solutions. Increasing migration to cloud services and more widespread BYOD in enterprises are fueling the market for such solutions more generally.