Community news and analysis: September/October 2014

Posted on November 4, 2014 - 16:19 by ccondon

We’ve been extra busy at StopBadware this fall. We're organizing some cool research, we trained a fabulous new website tester (check out last week’s website PSA), and we attended a few different security conferences and meetings. Our community news roundup this week covers both September and October.

Featured news: A trio of security vulnerabilities

Shellshock: A serious security vulnerability was discovered in bash, a command shell used on many Unix, Linux, and Mac OS X systems. When exploited, the bug allows attackers to run arbitrary shell commands on vulnerable servers. See excellent coverage from Automattic, SiteLock, Fortinet, and CloudFlare.
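The check an administrator wants after reading the paragraph above is "is the bash on this box still affected?". The script below is an added example, not code from the StopBadware post or from any of the linked write-ups; it runs the local test pattern that vendor advisories published for the bug against whatever bash binary is on PATH and reports the result. It makes no network connections and assumes only a POSIX shell plus the `env` and `command` utilities.

```shell
#!/bin/sh
# Added example, not part of the StopBadware post: a local self-check for the
# bash environment-function bug. It runs the test pattern that vendor
# advisories published against the bash binary found on PATH, the way an
# administrator confirms a patch actually landed. No network involved.

# shellshock_check prints one word and sets the exit status:
#   vulnerable (status 1) - bash ran the command appended to a function
#                           definition imported from the environment
#   patched    (status 0) - bash ignored the appended command
#   no-bash    (status 2) - no bash binary on PATH, nothing to check
shellshock_check() {
    command -v bash >/dev/null 2>&1 || { echo no-bash; return 2; }
    # The variable's value looks like an exported function body followed by
    # an extra command. A vulnerable bash keeps parsing past the closing
    # brace while importing its environment and executes that command.
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo probe' 2>&1)
    case "$out" in
        *vulnerable*) echo vulnerable; return 1 ;;
        *)            echo patched;    return 0 ;;
    esac
}

# When run directly, report the result for this host.
printf 'bash on this host: %s\n' "$(shellshock_check)"
```

The first upstream fix for this bug turned out to be incomplete and further patches followed, so a "patched" result from this probe means only that the original flaw is closed; also confirm that the installed bash package is your distribution's latest build before closing the ticket.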

POODLE: Google researchers disclosed a vulnerability in SSLv3 that can allow an attacker to recover private information from within an encrypted session. POODLE affects any browser or site that still supports SSLv3. Sites that support this version of SSL should stop doing so and use TLS instead. See our partners’ coverage of POODLE: Google, Mozilla, Qualys, Fortinet.
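Turning SSLv3 off is a one-line configuration change, but it is easy to miss on a server where the directive was never written down explicitly. The script below is an added example, not code from the post or from any of the partners linked above; it audits nginx `ssl_protocols` and Apache `SSLProtocol` lines for SSLv3, including Apache's `all` keyword, which keeps SSLv3 enabled unless `-SSLv3` is also listed. The two sample configuration files it writes are constructed for the demonstration; the weak file shows the pre-POODLE setting, the fixed file the corrected one.

```shell
#!/bin/sh
# Added example, not part of the StopBadware post: audit web-server TLS
# configuration for SSLv3, the protocol POODLE targets. It understands the
# nginx "ssl_protocols" directive and the Apache "SSLProtocol" directive,
# including Apache's "all" keyword, which enables SSLv3 unless "-SSLv3" is
# also listed. Comments are ignored. Sample configs below are constructed.

# sslv3_enabled FILE
#   prints "disabled" (status 0) or "enabled (server:line ...)" (status 1)
sslv3_enabled() {
    hits=$(sed 's/#.*//' "$1" | awk '
        tolower($1) == "ssl_protocols" {
            # nginx lists protocols explicitly; any SSLv3 token enables it
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^sslv3;?$/) print "nginx:" NR
        }
        tolower($1) == "sslprotocol" {
            # Apache: "all", "SSLv3" or "+SSLv3" turn it on, "-SSLv3" off
            on = 0; off = 0
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "all" || t == "+all" || t == "sslv3" || t == "+sslv3") on = 1
                if (t == "-sslv3") off = 1
            }
            if (on && !off) print "apache:" NR
        }')
    if [ -n "$hits" ]; then
        printf 'enabled (%s)\n' "$(printf '%s' "$hits" | tr '\n' ' ')"
        return 1
    fi
    echo disabled
    return 0
}

# make_samples: write two constructed configs to a temp dir and print its path.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/weak.conf" <<'EOF'
# nginx vhost with pre-POODLE defaults
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# Apache vhost: "all" silently includes SSLv3
SSLProtocol all -SSLv2
EOF
    cat > "$dir/fixed.conf" <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # SSLv3 removed
SSLProtocol all -SSLv2 -SSLv3          # or: -all +TLSv1 +TLSv1.1 +TLSv1.2
EOF
    echo "$dir"
}

# Usage: sh poodle_audit.sh [config ...]; with no arguments, audit the samples.
if [ $# -gt 0 ]; then
    for f in "$@"; do printf '%s: ' "$f"; sslv3_enabled "$f" || true; done
else
    d=$(make_samples)
    for f in "$d/weak.conf" "$d/fixed.conf"; do
        printf '%s: ' "$f"; sslv3_enabled "$f" || true
    done
    rm -rf "$d"
fi
```

Point it at the real vhost files once they are audited and the change is deployed, and reload the server; the configuration check only proves what is written on disk, so verifying the running service from a client (an OpenSSL build that still supports SSLv3 can attempt an SSLv3-only handshake with `openssl s_client -ssl3`) closes the loop on a server you operate.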

Highly critical security vulnerability in Drupal: We can't stress this one enough. On October 15, the Drupal team released a highly critical security advisory about a SQL injection vulnerability in the Drupal core. On October 29, Drupal published a follow-up PSA stating that automated attacks began compromising vulnerable Drupal sites as soon as the initial security advisory was released, and webmasters should assume every Drupal 7 website was compromised unless updated within seven hours of when Drupal disclosed the security flaw on October 15. Sophos and Sucuri have more details.

Malware news and analysis

ESET: Exploits for two recently patched Adobe Flash vulnerabilities now appearing in exploit kits, an excellent technical paper on bootkits (PDF via Virus Bulletin), another great paper on the evolution of webinject, and details on August BlackEnergy PowerPoint campaigns.

Fortinet: A look at the crypto in Android’s Emmental malware (see also Axelle Apvrille’s post on how to undermine the malware and redirect intercepted messages), a new variant of third-generation Pushdo malware, and the evolution of Tinba malware.

Sophos: A resurgence in VBA malware, what you need to know about the Sandworm zero-day malware, and a (Down Under) speed camera phish that leads to CryptoLocker-esque ransomware.

Sucuri: Manipulating WordPress plugin functions to inject malware, WordPress websites still being hacked via MailPoet plugin vulnerability, CMD process contributing to reinfection on Microsoft IIS servers.

Other security news

Google on strengthening two-step verification with Security Key: “Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website.”

Mozilla on implementing a faster Content Security Policy, and why using CSP improves security for those building new websites.
