We’ve been extra busy at StopBadware this fall. We're organizing some cool research, we trained a fabulous new website tester (check out last week’s website PSA), and we attended a few different security conferences and meetings. Our community news roundup this week covers both September and October.
Featured news: A trio of security vulnerabilities
Shellshock: A serious security vulnerability was discovered in bash, the default shell on most Linux and Mac OS X systems and many other Unix systems. Bash would execute commands appended to a function definition passed in through an environment variable, so any program that hands attacker-controlled input to bash via the environment (CGI scripts on web servers are the most common case) lets the attacker run arbitrary shell commands on the server. The first patch turned out to be incomplete, so make sure your bash packages are fully current rather than just patched once. See excellent coverage from Automattic, SiteLock, Fortinet, and CloudFlare.
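A quick way to find out whether the bash on a host still has the flaw is to export an environment variable that looks like a function definition with a command tacked on, then start bash and see whether that command runs. The script below is an added example written for this roundup, not code from the post or from any of the vendors linked above; it assumes a `bash` binary is on the PATH and reports "no-bash" when there is none.

```shell
#!/bin/sh
# Added example (not from the StopBadware post): probe the local bash for the
# Shellshock environment-variable parsing flaw.
# Assumption: `bash` is on PATH; if it is not, the probe reports "no-bash".

shellshock_check() {
    # Report the no-bash case separately so callers can tell it apart from a
    # patched shell.
    command -v bash >/dev/null 2>&1 || { echo "no-bash"; return 2; }

    # The variable value is a bash function definition followed by a trailing
    # command. A vulnerable bash parses the whole value at startup and runs the
    # trailing command; a patched bash only imports the function (or ignores
    # the variable entirely), so only "probe" is printed.
    out=$(env 'x=() { :;}; echo VULNERABLE' bash -c 'echo probe' 2>/dev/null)

    case "$out" in
        *VULNERABLE*) echo "vulnerable"; return 1 ;;
        *)            echo "patched";    return 0 ;;
    esac
}

# Print the verdict; the exit status (0 patched, 1 vulnerable, 2 no bash)
# is available to scripts that want to chain on it.
shellshock_check
```

This only tests the bash binary you run it with. A host can have several copies (for example a distribution bash and a separately built one used by a web server), so run it as the same user and with the same PATH as the service you are worried about.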
POODLE: Google researchers disclosed a design flaw in SSLv3 that lets an attacker positioned between a browser and a site decrypt pieces of an encrypted session, such as session cookies, one byte at a time. POODLE affects any browser or site that still supports SSLv3: because an attacker can force a downgrade from TLS to SSLv3, merely offering newer TLS versions alongside it is not enough. Sites should disable SSLv3 outright and serve only TLS. See our partners’ coverage of POODLE: Google, Mozilla, Qualys, Fortinet.
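Checking whether SSLv3 is actually switched off means reading the protocol directive in the web server configuration, and the two common servers spell it differently: nginx lists the protocols to allow (`ssl_protocols`), while Apache's `SSLProtocol` can say `all` and then subtract with `-SSLv3`. The audit script below is an added example, not code from the post or from any of the vendors linked above; the nginx and Apache config snippets in it are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the StopBadware post): report whether a web server
# config still enables SSLv3. Handles nginx `ssl_protocols` (an allow-list)
# and Apache `SSLProtocol` (which may use `all` plus `-SSLv3` subtraction).
# The sample configs written below are constructed for the demo.

# Prints "sslv3-enabled", "sslv3-disabled" or "no-directive" for the file in $1.
# A missing directive means the compiled-in default applies, which on
# 2014-era builds often still included SSLv3, so treat that as work to do.
audit_sslv3() {
    file=$1
    # Keep the last matching directive (a later one overrides an earlier one in
    # the same context), drop the directive name, comments and the trailing
    # semicolon, and lower-case the rest so the token matching is simple.
    line=$(grep -iE '^[[:space:]]*(ssl_protocols|SSLProtocol)[[:space:]]' "$file" \
           | tail -n 1 \
           | sed -E 's/^[[:space:]]*[A-Za-z_]+//; s/#.*//; s/;//' \
           | tr 'A-Z' 'a-z')
    [ -n "$line" ] || { echo "no-directive"; return 2; }

    enabled=0
    for tok in $line; do
        case "$tok" in
            # Apache "all"/"+all" includes SSLv3 unless it is later removed;
            # a bare or "+" prefixed sslv3 enables it on either server.
            all|+all|sslv3|+sslv3) enabled=1 ;;
            -sslv3)                enabled=0 ;;
        esac
    done

    if [ "$enabled" -eq 1 ]; then echo "sslv3-enabled"; return 1; fi
    echo "sslv3-disabled"; return 0
}

# Constructed sample configs: a weak nginx block, the corrected nginx block,
# and an Apache line that disables SSLv3 by subtraction.
tmp=$(mktemp -d)
cat > "$tmp/weak.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # weak: SSLv3 still offered
}
EOF
cat > "$tmp/fixed.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # corrected: SSLv3 removed
}
EOF
cat > "$tmp/apache.conf" <<'EOF'
SSLProtocol all -SSLv3
EOF

for name in weak fixed apache; do
    printf '%s: %s\n' "$name" "$(audit_sslv3 "$tmp/$name.conf")"
done
rm -rf "$tmp"
```

The parser is deliberately one level deep: it reads the last directive in the file and does not model nginx `server` blocks or Apache virtual hosts separately, so on a real config run it per vhost file or extend the grep to the block you care about. Remember that removing SSLv3 from the server only covers one side; clients that still enable SSLv3 remain exposed to other servers.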
Highly critical security vulnerability in Drupal: We can't stress this one enough. On October 15, the Drupal team released a highly critical security advisory about a SQL injection vulnerability in Drupal core. On October 29, Drupal published a follow-up PSA stating that automated attacks began compromising vulnerable Drupal sites within hours of the initial advisory, and that webmasters should assume every Drupal 7 website was compromised unless it was updated within seven hours of the October 15 disclosure. Updating after that window closes the hole but does not remove backdoors an attacker may already have planted, which is why the PSA recommends restoring from a backup taken before October 15 or rebuilding the site. Sophos and Sucuri have more details.
Malware news and analysis
ESET: Two recently patched Adobe Flash exploits now used in exploit kits, an excellent technical paper on bootkits (PDF via Virus Bulletin), another great paper on the evolution of webinject, and details on August BlackEnergy PowerPoint campaigns.
Fortinet: A look at the crypto in Android’s Emmental malware (see also Axelle Apvrille’s post on how to undermine the malware and redirect intercepted messages), a new variant of third-generation Pushdo malware, and the evolution of Tinba malware.
Sucuri: Manipulating WordPress plugin functions to inject malware, WordPress websites still being hacked via MailPoet plugin vulnerability, CMD process contributing to reinfection on Microsoft IIS servers.