Community news and analysis: June 2014

Posted on July 9, 2014 - 14:25 by ccondon

Plugin vulnerabilities and new variants of old malware were prevalent themes in our partner community the past month, but there was some positive stuff, too. One highlight was an informative DreamUp on WordPress security hosted by our partners over at DreamHost. The DreamUp is over, but the video proof that it happened lives on:


Malware analysis

ESET: New interactive exploit kit redirection technique and recent targeted attacks against the Vietnamese government

Sophos: Reports of the demise of VBA viruses have been greatly exaggerated; a CryptoLocker wannabe called SimpleLocker demands ransoms from Android users.

Fortinet: A new Zeus variant and the JackPOS credit card stealer

Sucuri: Spam hack targets WordPress core install directories; a trio of security holes in plugins for WordPress: zero-day in TimThumb’s Webshot feature, vulnerability in the Disqus Comment System plugin, and a serious vulnerability in MailPoet's WP plugin

Other security news

Google: Maintaining digital certificate security; Google Drive update to protect shared links

Qualys: July 2014 Patch Tuesday preview and analysis

SiteLock: Could hackers really clone your business?

DreamHost + CloudFlare: 9 tips to make your WordPress blog more secure

Community news and analysis: May 2014

Posted on June 9, 2014 - 12:25 by ccondon

News from our partner community was plentiful this past month. Mozilla, one of our sustaining partners, launched two major initiatives, including the Cyber Security Delphi, a research project to set a clear path for making the Web safer: “As part of the Delphi research and recommendation initiative, Mozilla will bring together the best minds in security to understand threat vectors to online security and develop a concrete agenda to address them.”

Other highlights over the past month and change:

Additional malware analysis:

Other security news from our partners:


Community news and analysis: April 2014

Posted on April 24, 2014 - 15:09 by ccondon

April news from around our partner community includes updates to several major malware variants, two new vulnerability disclosure programs, and a critical security update for the popular Jetpack WordPress plugin. 

Malware analysis

Facebook webinject leads to iBanking mobile bot (ESET)

Update to Linux/Ebury, updated indicators of compromise (ESET)

Significant update to P2P Zeus botnet malware (Fortinet)

Other security news

New Security Measures Will Affect Older (non-OAuth 2.0) Applications (Google Online Security Blog)

$10,000 Security Bug Bounty for Certification Verification (Mozilla)

Testing for Heartbleed vulnerability without exploiting the server (Mozilla)

Why data is the new hacker currency (SiteLock)

New CloudFlare vulnerability disclosure program (CloudFlare)

Critical update for Jetpack WordPress plugin (Sucuri)