Among the many large (and old) breaches under discussion this week was one that appears bogus. Some identity theft protection companies warned their customers that Dropbox had been breached, citing figures of around 73 million usernames and passwords compromised. But this seems untrue: the lost data appear to have come from the Tumblr breach.
Researchers say password manager KeePass 2’s update check is vulnerable to man-in-the-middle exploitation.
Familiar banking Trojan Dridex is circulating (mostly in North America) impersonating a PFX certificate file and thereby evading detection by many antivirus programs.
Check & Secure looks at reports of locked devices and bank account theft and thinks it sees the common factor: possible issues with TeamViewer.
WordPress is under active attack as hackers exploit a zero-day in its mobile detector plugin.
The FBI warns that traditional, albeit electronically enabled, extortion is on the rise. Criminals threaten to release stolen, potentially embarrassing information.
Adware insinuated into the Google Play Store targets fútbol fans.
A Washington Redskins trainer’s (apparently unencrypted) laptop containing current, former, and even potential players’ medical information was stolen last month.
Google releases Chrome 51.0.2704.79, fixing fifteen vulnerabilities affecting Windows, Linux, and OS X systems.
In industry news, Blue Coat filed its expected IPO yesterday as Bain Capital takes the company public.
As US schools approach summer vacation, the Air Force Association is offering eighty-five cyber boot camps across the country.
Wired runs an op-ed proposing securitized cyber insurance as a vehicle for improving cyber security (and national behavior in cyberspace).