Here's a quick (late) roundup of security community happenings from last month. Naturally, the SoakSoak malware campaign has been foremost on our minds, but December brought a number of other announcements and some neat malware analysis from our partners, too.
- Google released code for End-to-End Chrome extension to open source (GitHub repository). As of last month, the extension, which enables end-to-end encryption for Gmail within Chrome, was not yet ready for the Chrome Web Store.
- Qualys on December Patch Tuesday
- ESET and Sophos on Win32/VirLock, a parasitic, polymorphic hybrid strain of ransomware
- Sucuri on the massive SoakSoak malware campaign, the RevSlider vulnerability that led to it, and infection evolution
- Automattic on scanning for SoakSoak and how to begin fixing a compromised site
- Fortinet: Analysis of a JAR obfuscated malware packer
A PSA from Blake, our testing intern: