Downed US vuln catalog infected for at least TWO MONTHS. A vulnerability in Adobe’s ColdFusion software allowed the National Vulnerability Database and other National Institute for Standards and Technology (NIST) Web sites to be infected with malware, prompting NIST to take them offline.

Source:

http://www.theregister.co.uk/2013/03/14/adobe_coldfusion_vulns_compromise_us_malware_catalog/

Apple fixes OS X flaw that allowed Java apps to run with plugin disabled. Apple released several security updates for its OS X operating system, as well as a new version of its malware removal tool.

Source: http://threatpost.com/en_us/blogs/apple-fixes-os-x-flaw-allowed-javaapps-run-plugin-disabled-031513

Android users hit by evolved NotCompatible malware attack. A new version of the NotCompatible malware for Android has been found by researchers, peaking at around 20,000 detections a day.

Source: http://www.v3.co.uk/v3-uk/news/2255154/android-users-hit-byevolved-notcampatible-malware-attack

It takes a company 243 days to discover a sophisticated attack, study shows. A report by Mandiant focusing on advanced persistent threats (APTs) outlined several findings, including that there are on average 243 days between an attacker gaining access and when the attack is uncovered.

Source: http://news.softpedia.com/news/It-Takes-a-Company-243-Days-toDiscover-a-Sophisticated-Attack-Study-Shows-337342.shtml

After Oracle refuses to treat it as a vulnerability. A security research firm released details of a Java 7 sandbox bypass known as “Issue 54” that Oracle does not regard as a security vulnerability.

Source: http://news.softpedia.com/news/Details-of-Java-7-Issue-PublishedAfter-Oracle-Refuses-to-Treat-It-as-a-Vulnerability-337954.shtml