The popular CrimeBoss exploit kit was updated to include a Java exploit that was recently patched to allow the exploit kit to target unpatched systems.
Buggy DIY botnet tool leaks in black market. A new botnet generation tool being sold for $10,000 was observed by a researcher on underground markets. However, the tool was considered buggy by users discussing it since it uses copied source code from other tools.
Source: http://www.scmagazine.com/buggy-diy-botnet-tool-leaks-in-blackmarket/article/286722/
A survey conducted by Webroot found that 80 percent of companies experienced at least one variety of Web-borne attacks in 2012, and that phishing was the most common attack, among other findings.
Downed US vuln catalog infected for at least TWO MONTHS. A vulnerability in Adobe’s ColdFusion software allowed the National Vulnerability Database and other National Institute for Standards and Technology (NIST) Web sites to be infected with malware, prompting NIST to take them offline.
Source:
http://www.theregister.co.uk/2013/03/14/adobe_coldfusion_vulns_compromise_us_malware_catalog/
Apple fixes OS X flaw that allowed Java apps to run with plugin disabled. Apple released several security updates for its OS X operating system, as well as a new version of its malware removal tool.
Source: http://threatpost.com/en_us/blogs/apple-fixes-os-x-flaw-allowed-javaapps-run-plugin-disabled-031513
