Community news and analysis: March 2015

Posted on April 13, 2015 - 12:11 by ccondon

Featured news

Google cracks down on Chrome extensions that inject ads and degrade users’ browsing experiences (31 March). Google also added information about unwanted software to their Safe Browsing API last month (24 March).

Automattic: Five ways to secure WordPress plugins (27 March), preventing cross-site scripting in JavaScript (25 March), and a blind SQL injection vulnerability found in Yoast’s popular WordPress SEO plugin (13 March).

Three cheers for open information: Check out DreamHost’s first ever Transparency Report!

Malware news

ESET analyses “Casper” malware used against Syrian targets and likely developed by the same group behind the Babar and Bunny malware (5 March).

SiteLock demonstrates what it looks like to infect a website (19 March).

Sophos on the new TeslaCrypt ransomware targeting gamers running Windows (16 March) and developments in Microsoft Office malware (6 March).

A couple pieces of interesting Sucuri analysis: WordPress malware causes pseudo-DarkLeech infection (26 March); ‘inverted WordPress Trojan’ adds useful features along with malware (11 March).

Other security news

Mozilla on memory scanning for server security (12 March) and revoking trust in one CNNIC intermediate certificate (23 March).

Qualys: GHOST remote code execution exploit (17 March).

Fortinet: Cross-site scripting vulnerability discovered in WordPress Photo Gallery plugin with 12 million downloads (20 March).

Community news and analysis: February 2015

Posted on March 3, 2015 - 11:08 by ccondon

Featured news: Superfish, new malware warnings, universal SSL

Read Mozilla’s directions for getting Superfish out of Firefox (Feb. 27), Sophos on Superfish removal (Feb. 20), and a Fortinet Superfish FAQ. (Feb. 20) ESET also has a wise piece on unwarranted panic and false positives. (Feb. 20) Note: We hope we don’t ever have to write the word “Superfish” again.

Google Safe Browsing expands Chrome warnings: New warnings let users know when they’re about to visit a site known for encouraging downloads of unwanted or suspicious software. (Feb. 23)

Feedback and data-driven updates to Google’s Project Zero disclosure policy (Feb. 13)

Universal SSL: Public beta version of new CloudFlare service encrypts data from the browser to the origin for free. (Feb. 24)

Malware news + vulnerabilities

Google releases free, cloud-based web application security scanner that can help App Engine developers check for cross-site scripting and mixed content vulnerabilities. (Feb. 19)

Highlights from Internet Identity’s 2014 eCrime Trends Report (Feb. 25)

Fortinet: Decoy files used to spread CTB-Locker ransomware (Feb. 16)

Automattic (Feb. 6), Sucuri (Feb. 16), and SiteLock (Feb. 26) on a serious vulnerability affecting most versions of the Fancybox-for-WordPress plugin

SiteLock on a security flaw in the UpdraftPlus premium WordPress plugin (Feb. 17)

Sucuri: Vulnerabilities in Gravity Forms WP plugin (Feb. 26) and analytics plugin WP-Slimstat (Feb. 24)

Security news + perspectives

In case you missed it: After six years, StopBadware is shutting down its community forum. Details and recommended alternatives here.

Automattic: WordPress 4.1.1 is out! This one’s a maintenance release. (Feb. 18)

ESET on exploits: What are they, and how do they work? (Feb. 27)

DreamHost’s Mika E. talks about the virtues of open source and his experience writing plugins for WordPress. (Feb. 10)

SiteLock: How you can tell if a website is secure (Feb. 24)

Sucuri: Why websites get hacked (Feb. 26)

StopBadware shutting down community forum

Posted on February 24, 2015 - 13:43 by ccondon

It's been nearly six years to the day since StopBadware and its partners launched BadwareBusters, our community platform for those who wanted to learn about and prevent badware. Over the years, the forum has helped thousands of website owners clean up hacked websites. Dozens of security experts have volunteered their time and talent to examine compromised sites, offer advice, and guide users to the best security resources for their needs. BadwareBusters has been exactly what it was intended to be when it launched in 2009: a place for our community to define its own needs, share stories, and learn from each other's experiences.

At the end of this month, StopBadware will be shutting down the forum. We're terribly proud of all that our community has accomplished these past six years; we don't take lightly the decision to close up shop, but limited resources mean StopBadware is no longer able to maintain the forum in a way that's fair and productive for users. 

We're confident those seeking help with hacked sites and malware cleanup can find what they're searching for in places such as Google's malware forum, Bleeping Computer's forums, or Stack Exchange's community Q&As. StopBadware's hacked sites resources section also has useful tools and tutorials on finding and removing website malware, and longtime BadwareBusters moderator RedLeg maintains a gem of a site on website cleanup. 

Thanks for your participation and your wisdom. Keep learning.