New open source Google tool tests web security scanners. Dubbed ‘Firing Range,’ the tool functions as a test ground for automated scanners and will help verify the detection capabilities of security tools. Details here.
Google study delves into manual account hijacking incidents: tactics used, success rates, damage done, and more.
ESET: First in-the-wild exploitation of Unicorn vulnerability affecting IE versions 3-11.
Fortinet: The rebirth of Dofoil—new malware variant marks the resurrection of an old botnet.
Sucuri: RSS reveals malware injections.
Other security news
Sophos: Carder.su fraudster jailed for 9 years, ordered to pay $50.8 million.
Over the next few months, Chrome and Firefox are changing the way they treat certain website certificates. Specifically, SHA-1 certificates will be treated as less trustworthy. This change affects a lot of websites—see CloudFlare’s explanation here. (Google's explanation from September is here.)