A small number of Apple employees’ computers were hacked recently by the same crew that attacked Facebook, and which Facebook claimed it traced back to China. In that case, Facebook said, its employees’ machines were fully patched and up-to-date, and entry was gained via a previously unknown zero-day attack in the Java browser plugin.

In a statement released to AllThingsD, Apple said there was no evidence the attack succeeded in getting any corporate data:

Apple has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. The malware was employed in an attack against Apple and other companies, and was spread through a website for software developers. We identified a small number of systems within Apple that were infected and isolated them from our network. There is no evidence that any data left Apple. We are working closely with law enforcement to find the source of the malware.

Java is notoriously a source of security problems, and Apple says it will release a software tool later today to patch the problem. Oracle had provided a patch on February 1, 2013, according to Facebook, but Apple is not known for being quick to release new updates. That update is not yet available, at least according to my MacBook Air’s software update mechanism.

Worth noting: Apple has not shipped Java since Mac OS X Lion — which launched in July of 2011 — and also disables Java if it has not been used in 35 days.

Apple says it is assisting authorities in tracking down the hackers.

photo credit: alles-schlumpf via photopin cc

Dropbox users are complaining on the forums that email addresses they’ve used only for cloud storage and sharing service are getting spam … which leads them to believe that Dropbox has had some kind of security breach.

The first user complaint was about a day ago:

However, there are some from just three hours ago (morning, July 18), including this one from a fairly knowledgable user who believes that the junk mail is not just coming from random guesses by spammers:

As TechCrunch noticed, a Dropbox employee on the forums has confirmed the company is investigating, and has brought in an outside team of experts to help, who are working around the clock to look for any possible security breaches:

But the issue has not yet been reported either on Dropbox’s news site or the Dropbox blog, which suggests that the company has either not found any issues yet or that issues remain unresolved.

Unfortunately, security problems are not a new thing for Dropbox.

The platform recently had very basic flaws in its mobile apps, and last year it left accounts completely unprotected for four hours. After that failure, the company posted on its blog that it was re-dedicating to security.

It’s unclear still what is happening at Dropbox, and as a user I can say I have not received any unusual emails or spam that would indicate my account may have been compromised.

VentureBeat has reached out to Dropbox for a statement, and we’ll update this post as we receive more information.

[ update ]

Dropbox pointed me to the post from Joe G, a Dropbox employee, that I included above. Upon further questioning, a representative said there was no further comment at this time.

Image credit: JMiks/ShutterStock

The Chicago Tribune reports that three teens, Malik Jones, Nicholas Ayala, and Anthony Malcolm, were charged with first-degree murder after Jones allegedly attacked Delfino Mora, demanding money, while the other two teens allegedly filmed the assault on a mobile phone. The story also says that Jones was charged as an adult.

The attack is reminiscent of the so-called “knock-out king” game allegedly played by some teens in St. Louis and other cities in the U.S. last year. Assailants typically select weak or vulnerable individuals and attempt to knock them out. At least one man in St. Louis died as a result, and an 18-year old male was charged with first-degree murder.

Some of the St Louis arrests resulted from public surveillance videos, but today’s charges result from video the teens themselves allegedly posted to Facebook. Posting the video to Facebook seems to demonstrate both an outrageous lack of moral sense that is equally matched by almost unfathomable naiveté, as the teens either felt that they were not doing anything wrong, or that authorities would not notice, or both.

In a statement given to the Chicago Tribune, the victim’s youngest child said, “They think posting a violent video makes them tough. It’s like they want to get famous.”

This is a breaking story…we will be adding as we go.

Image credit: Blojgo/ShutterStock

The vulnerability is currently being exploited via a Flash file embedded in Microsoft Excel (.xls) file. The file has been distributed as an e-mail attachment. There are no reports yet on attacks targeting Acrobat software.

Users should be very careful with e-mail attachments until a fix has been issued and the software has been updated. Adobe promises that an update will be available on March 21.

Acrobat and Acrobat Reader are used to create and read PDF files. Flash and PDF files are very popular among malicious code writers because they are so widely used across different platforms. Almost every computer in the world has Acrobat or Flash installed. A single vulnerability can be exploited in Windows, Mac and other operating systems.

The affected versions are Adobe Flash Player 10.2 for Windows, Macintosh, Linux, Solaris and Android systems. Adobe Reader and Acrobat X are affected on Windows and Macintosh only. The full details of affected versions are on Adobe’s website.