Community news and analysis: August 2014

Posted on September 9, 2014 - 16:56 by ccondon

The most widely read piece of security news this past month has undoubtedly been the impact of the widespread Backoff point-of-sale (PoS) malware family. Backoff is suspected to be the culprit behind several recent data breaches at major companies. US-CERT issued an advisory on 31 July warning that “seven PoS system providers/vendors have confirmed that they have had multiple clients affected,” and the U.S. Secret Service “currently estimates that over 1,000 U.S. businesses are affected.” Full advisory here.

Our partners have covered this topic in depth, as have other reputable sources in the security community. Below are some sources of actionable information from people we know and trust.

Backoff Malware: What You Should Know (Qualys)

Is Your Point of Sale Machine Protected Against Attacks? (ESET)

6 Tips to Keep Your Data Safe (Sophos)

An Analysis of the Backoff PoS Malware (Fortinet)

Malware analysis

Krysanec Android Trojan disguises itself as legitimate apps (ESET)

Fortinet’s Axelle Apvrille analyses the AdThief/iOS malware that stole revenue from 22 million ads (PDF via Virus Bulletin)

Android “Heart App” virus spreads quickly, author arrested within 17 hours (Sophos)

Two IRCbots: DorkBot and its twin, NgrBot (Fortinet)

Other security news

In support of efforts to encourage the use of SSL across the Web, Google announced this past month that it will begin using HTTPS as a ranking signal. Sites using SSL may get a slight boost in Google’s search rankings, and it’s possible this might increase over time. On the heels of Google’s news, our partners at CloudFlare announced that they’re working on making SSL free for all their customers, including those on the free plan.

If your website is already serving over HTTPS, you can use this free tool from Qualys to test security and configuration. Want more information about what Google’s changes might mean for websites and their administrators? Check out DreamHost’s writeup.

Mozilla: Public key pinning released in Firefox

Automattic acquired BruteProtect, a WordPress plugin and service that protects sites from malicious logins and helps site owners keep updated. Automattic says they intend to build this functionality into Jetpack, which is neat news for the security-conscious WordPress community.

In mid-August, CloudFlare launched Tinfoil Security, a service that helps site owners find web application vulnerabilities. The free plan on their pricing tier allows webmasters to check for XSS vulnerabilities.

Plugin vulnerabilities in popular CMSes this month: Slider Revolution for WordPress, Akeeba Backup extension for Joomla, Custom Contact Forms for WordPress (Sucuri).
