StopBadware Partners | StopBadware


Community news and analysis: May 2015

Posted on June 9, 2015 - 12:54 by ccondon

Featured news

  • How effective are the security questions—and answers—used to protect sensitive accounts and information? Not very, according to new Google research. Read about how easy it is for hackers and bots to guess answers to common questions, and what users can do about it.
  • Google also published research last month on the ad injection economy (key findings here, full report here).
  • Mozilla sent a communication to CAs with root certificates included in Mozilla’s program; Mozilla, acting in the best interest of users, asked CAs to respond to five action items. They’ve stated they intend to publish the responses this month.
  • WordPress users: The Automattic team released WordPress 4.2.2, featuring critical security fixes, the first week of May. Please make sure you’re updated!
  • DomainTools put together their first report profiling malicious domains by delving into domain registration attributes and overlaying this with data on malicious activity. Their summary links to the full report here.

Malware news + analysis

  • ESET: Whitepaper on CPL malware in Brazil
  • Sophos: “PolloCrypt” ransomware sounds as ridiculous as its mascots look—but it’s a real thing targeting Aussie users. Also from Sophos: Can Rombertik malware really destroy your computer? Nope.
  • Fortinet analyses of Rombertik malware and Tinba botnet malware
  • Sucuri: Hacked websites redirect to...Bitcoin?

Other security news

  • SiteLock: Who else is reading your email? A guide to PGP encryption
  • Fortinet: Should new WHO disease-naming guidelines also be applied to malware?

Community news and analysis: March 2015

Posted on April 13, 2015 - 12:11 by ccondon

Featured news

Google cracks down on Chrome extensions that inject ads and degrade users’ browsing experiences (31 March). Google also added information about unwanted software to their Safe Browsing API last month (24 March).

Automattic: Five ways to secure WordPress plugins (27 March), preventing cross-site scripting in JavaScript (25 March), and a blind SQL injection vulnerability found in Yoast’s popular WordPress SEO plugin (13 March).

Three cheers for open information: Check out DreamHost’s first ever Transparency Report!

Malware news

ESET analyses “Casper” malware used against Syrian targets and likely developed by the same group behind the Babar and Bunny malware (5 March).

SiteLock demonstrates what it looks like to infect a website (19 March).

Sophos on the new TeslaCrypt ransomware targeting gamers running Windows (16 March) and developments in Microsoft Office malware (6 March).

A couple pieces of interesting Sucuri analysis: WordPress malware causes pseudo-DarkLeech infection (26 March); ‘inverted WordPress Trojan’ adds useful features along with malware (11 March).

Other security news

Mozilla on memory scanning for server security (12 March) and revoking trust in one CNNIC intermediate certificate (23 March).

Qualys: GHOST remote code execution exploit (17 March).

Fortinet: Cross-site scripting vulnerability discovered in WordPress Photo Gallery plugin with 12 million downloads (20 March).

Community news and analysis: February 2015

Posted on March 3, 2015 - 11:08 by ccondon

Featured news: Superfish, new malware warnings, universal SSL

Read Mozilla’s directions for getting Superfish out of Firefox (Feb. 27), Sophos on Superfish removal (Feb. 20), and a Fortinet Superfish FAQ (Feb. 20). ESET also has a wise piece on unwarranted panic and false positives (Feb. 20). Note: We hope we don’t ever have to write the word “Superfish” again.

Google Safe Browsing expands Chrome warnings: New warnings let users know when they’re about to visit a site known for encouraging downloads of unwanted or suspicious software. (Feb. 23)

Feedback and data-driven updates to Google’s Project Zero disclosure policy (Feb. 13)

Universal SSL: Public beta version of new CloudFlare service encrypts data from the browser to the origin for free. (Feb. 24)

Malware news + vulnerabilities

Google releases free, cloud-based web application security scanner that can help App Engine developers check for cross-site scripting and mixed content vulnerabilities. (Feb. 19)

Highlights from Internet Identity’s 2014 eCrime Trends Report (Feb. 25)

Fortinet: Decoy files used to spread CTB-Locker ransomware (Feb. 16)

Automattic (Feb. 6), Sucuri (Feb. 16), and SiteLock (Feb. 26) on a serious vulnerability affecting most versions of the Fancybox-for-WordPress plugin

SiteLock on a security flaw in the UpdraftPlus premium WordPress plugin (Feb. 17)

Sucuri: Vulnerabilities in Gravity Forms WP plugin (Feb. 26) and analytics plugin WP-Slimstat (Feb. 24)

Security news + perspectives

In case you missed it: After six years, StopBadware is shutting down its community forum. Details and recommended alternatives here.

Automattic: WordPress 4.1.1 is out! This one’s a maintenance release. (Feb. 18)

ESET on exploits: What are they, and how do they work? (Feb. 27)

DreamHost’s Mika E. talks about the virtues of open source and his experience writing plugins for WordPress. (Feb. 10)

SiteLock: How you can tell if a website is secure (Feb. 24)

Sucuri: Why websites get hacked (Feb. 26)