Community news and analysis: May 2014
News from our partner community was plentiful this past month. Mozilla, one of our sustaining partners, launched two major initiatives, including the Cyber Security Delphi, a research project to set a clear path for making the Web safer: “As part of the Delphi research and recommendation initiative, Mozilla will bring together the best minds in security to understand threat vectors to online security and develop a concrete agenda to address them.”
Other highlights over the past month and change:
- Google announced an alpha version of a new Chrome extension for end-to-end encryption.
- Sucuri discovered a security vulnerability in popular WordPress plugin All in One SEO Pack. The VaultPress team over at Automattic subsequently released a hotfix.
- ESET published analysis of the first file-encrypting, TOR-enabled ransomware for Android.
Additional malware analysis:
- Fortinet analysis of Bublik downloader malware's evolution to escape detection
- In ESET's words, MiniDuke malware is "still duking it out"
- Sophos reported on "Oleg Pliss" Apple ransomware hitting Australian users
- Fortinet tracked the Lethic botnet as it morphed from spambot to clicker
- Malicious iFrame analysis from the Sucuri team "followed the eval trail"
- Internet Identity released their Q1 2014 eCrime trends report
Other security news from our partners:
- Mozilla introduced Winter of Security 2014
- Automattic released WordPress 3.9.1 (maintenance release)
- Nasty BlackShades RAT a threat to business (SiteLock)
- Worldwide law enforcement spends Cyber Monday "exterminating some nasty RATs" (Internet Identity)
- Android "police warning" ransomware—how to avoid it, and what to do if you get caught (Sophos)