community news

community news

Community news and analysis: August 2014

Posted on September 9, 2014 - 16:56 by ccondon

The most widely read piece of security news this past month has undoubtedly been the impact of the widespread Backoff point-of-sale (PoS) malware family. Backoff is suspected to be the culprit behind several recent data breaches at major companies. US-CERT issued an advisory on 31 July warning that “seven PoS system providers/vendors have confirmed that they have had multiple clients affected,” and the U.S. Secret Service “currently estimates that over 1,000 U.S. businesses are affected.” Full advisory here.

Our partners have covered this topic in depth, as have other reputable sources in the security community. Below are some sources of actionable information from people we know and trust.

Backoff Malware: What You Should Know (Qualys)

Is Your Point of Sale Machine Protected Against Attacks? (ESET)

6 Tips to Keep Your Data Safe (Sophos)

An Analysis of the Backoff PoS Malware (Fortinet)

Malware analysis

Krysanec Android Trojan disguises itself as legitimate apps (ESET)

Fortinet’s Axelle Apvrille analyses the AdThief/iOS malware that stole revenue from 22 million ads (PDF via Virus Bulletin)

Android “Heart App” virus spreads quickly, author arrested within 17 hours (Sophos)

Two IRCbots: DorkBot and its twin, NgrBot (Fortinet)

Other security news

In support of efforts to encourage the use of SSL across the Web, Google announced this past month that they will begin using HTTPS as a ranking signal. Sites using SSL may get a slight boost in Google’s search rankings, and it’s possible this might increase over time. On the heels of Google’s news, our partners at CloudFlare announced that they’re working on making SSL free for all their customers, including free customers.

If your website is already serving over HTTPS, you can use this free tool from Qualys to test security and configuration. Want more information about what Google’s changes might mean for websites and their administrators? Check out DreamHost’s writeup.

Mozilla: Public key pinning released in Firefox

Automattic acquired BruteProtect, a WordPress plugin and service that protects sites from malicious logins and helps site owners keep updated. Automattic says they intend to build this functionality into Jetpack, which is neat news for the security-conscious WordPress community.

In mid-August, CloudFlare launched Tinfoil Security, a service that helps site owners find web application vulnerabilities. The free plan on their pricing tier allows webmasters to check for XSS vulnerabilities.

Plugin vulnerabilities in popular CMSes this month: Slider Revolution for WordPress, Akeeba Backup extension for Joomla, Custom Contact Forms for WordPress (Sucuri).

Community news and analysis: July 2014

Posted on August 4, 2014 - 17:05 by ccondon

July may bring out the summer sloth in all of us, but you wouldn't know it from last month's news cycle. Here's our monthly roundup of security news and malware analysis from our partner community.

Featured news

Google launched Project Zero to ‘significantly reduce the number of people harmed by targeted attacks.’ In the announcement post, Google’s Chris Evans made clear that they’re intentionally not limiting the scope of the project, though they do intend to engage in the traditional practice of hunting and reporting security vulnerabilities. You can follow the Project Zero blog here.

Mozilla is improving malware detection in Firefox: The latest version of the browser will use Google’s Safe Browsing service to check whether downloaded files are listed as malicious. According to the team at Mozilla, tests indicate this feature cuts in half the amount of malware that makes it through to users. Score.

Google is revamping their malware warnings in Chrome. The new warnings have a starker look and tone—take a peek.

Malware analysis

The latest variant of Simplocker Android malware encrypts archive files, demands a higher ransom, and is harder to remove. Get details from ESET here.

ESET also analyzed a new strain of the Win32/Aibatook banking malware, which has been spreading via Japanese adult websites since April 2014. The campaign is tailored against two Japanese banks and uses a Java vulnerability to target Internet Explorer users.

Bad passwords on point-of-sale terminals lead to card-stealing Backoff malware. More from Sophos.

Soraya malware combines Zeus- and Dexter-like techniques: read Fortinet’s technical analysis.

Injected malware redirects mobile users to porn app (Sucuri).

Updates to the Asprox botnet: new C&C command, better encryption. Read more (Fortinet).

Even more security news

How ZeroCMS could have avoided cross-site scripting vulnerability CVE-2014-4710 (Qualys).

The half-life of an IE vulnerability is now 17 days—down from 30 days in 2009 (Qualys).

Still not sure of your botnet terminology? SiteLock has you covered with Botnets 101.

Shylock banking malware C&C infrastructure seized in international takedown operation led by UK’s National Crime Agency (Sophos).  

What do carnivals and cybersecurity have in common? We’re not sure, but Internet Identity’s Paul Ferguson ties them together nicely in this short and sweet video on the security advice he’d give CEOs.

Sucuri on backups—the forgotten website security pillar.

Community news and analysis: June 2014

Posted on July 9, 2014 - 14:25 by ccondon

Plugin vulnerabilities and new variants of old malware were prevalent themes in our partner community the past month, but there was some positive stuff, too. One highlight was an informative DreamUp on WordPress security hosted by our partners over at DreamHost. The DreamUp is over, but the video proof that it happened lives on:


Malware analysis

ESET: New interactive exploit kit redirection technique and recent targeted attacks against the Vietnamese government

Sophos: Reports of the demise of VBA viruses have been greatly exaggerated; a CryptoLocker wannabe called SimpleLocker demands ransoms from Android users.

Fortinet: A new Zeus variant and the JackPOS credit card stealer

Sucuri: Spam hack targets WordPress core install directories; a trio of security holes in plugins for WordPress: zero-day in TimThumb’s Webshot feature, vulnerability in the Disqus Comment System plugin, and a serious vulnerability in MailPoet's WP plugin

Other security news

Google: Maintaining digital certificate security; Google Drive update to protect shared links

Qualys: July 2014 Patch Tuesday preview and analysis

SiteLock: Could hackers really clone your business?

DreamHost + CloudFlare: 9 tips to make your WordPress blog more secure