February 2020 – Security

Episode 68: More Plugin Vulnerabilities and Active Attack Campaigns

February 29, 2020 by Kathy Zant

Kathy Zant

This week, we review numerous plugin vulnerabilities in popular WordPress plugins and the attacks that are targeting them. We also review the Duplicator vulnerability affecting over 1 million sites, and Chloe Chamberland’s discovery of multiple vulnerabilities in the Pricing Table by Supsystic plugin. Some WordPress-focused companies, Elementor and Strattic, receive…

Going Beyond Black History Month

February 29, 2020 by Fallon Blossom

Fallon Blossom

Around this time of year in the United States, African-Americans are often tasked with explaining why we spend 28 (or in the case of a leap year 29) days celebrating the contributions our ancestors made to this country. It may come in the form of responding to ignorant questions posed…

FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data

February 28, 2020 by BrianKrebs

BrianKrebs

The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data. While the fines would be among the largest the FCC…

Episode 67: Avoiding Common Vulnerabilities When Developing WordPress Plugins

February 28, 2020 by Kathy Zant

Kathy Zant

Almost every week, a new vulnerability is discovered in a popular WordPress plugin or theme, leaving developers scrambling to fix it before it’s widely exploited. Surprisingly, almost all critical vulnerabilities boil down to a few common mistakes. In this talk from WordCamp Phoenix, Ramuel Gall reviews these common errors and…

Securing Memory at EPYC Scale

February 28, 2020 by Derek Chamorro

Derek Chamorro

Security is a serious business, one that we do not take lightly at Cloudflare. We have invested a lot of effort into ensuring that our services, both external and internal, are protected by meeting or exceeding industry best practices. Encryption is a huge part of our strategy as it is…

Site Takeover Campaign Exploits Multiple Zero-Day Vulnerabilities

February 27, 2020 by Mikey Veenstra

Mikey Veenstra

Early yesterday, the Flexible Checkout Fields for WooCommerce plugin received a critical update to patch a zero-day vulnerability which allowed attackers to modify the plugin’s settings. As our Threat Intelligence team researched the scope of this attack campaign, we discovered three additional zero-day vulnerabilities in popular WordPress plugins that are being exploited…

Helping Developers with Permission Requests

February 27, 2020February 27, 2020 by Scott Westover

Scott Westover

Posted by Sai Teja Peddinti, Nina Taft and Igor Bilogrevic from PDPO Applied Privacy Research, and Pauline Anthonysamy from Android Security and Privacy. User trust is critical to the success of developers of every size. On the Google Play Store, we aim to help developers boost the trust of their…

Gen X Performance Tuning

February 27, 2020 by Sung Park

Sung Park

We are using AMD 2nd Gen EPYC 7642 for our tenth generation “Gen X” servers. We found many aspects of this processor compelling such as its increase in performance due to its frequency bump and cache-to-core ratio. We have partnered with AMD to get the best performance out of this…

How to Use Wordlister to Create Custom Password Combinations for Cracking

February 26, 2020May 4, 2020 by drd_

drd_

Password cracking is a specialty of some hackers, and it's often thought that raw computing power trumps everything else. That is true in some cases, but sometimes it's more about the wordlist. Making a custom, targeted wordlist can cut down cracking time considerably, and Wordlister can help with that. Wordlister…

Introducing Secrets and Environment Variables to Cloudflare Workers

February 26, 2020 by John Donmoyer

John Donmoyer

The Workers team here at Cloudflare has been hard at work shipping a bunch of new features in the last year and we’ve seen some amazing things built with the tools we’ve provided. However, as my uncle once said, with great serverless platform growth comes great responsibility. One of the…

Zyxel 0day Affects its Firewall Products, Too

February 26, 2020 by BrianKrebs

BrianKrebs

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s…

Uncovering threat infrastructure via URL, domain and IP address advanced pivots a.k.a. Netloc Intelligence

February 26, 2020April 24, 2020 by Emiliano Martinez

Emiliano Martinez

Quick links:https://support.virustotal.com/hc/en-us/articles/360001387057https://developers.virustotal.com/v3.0/reference#intelligence-searchhttps://github.com/VirusTotal/vt-pyTen years ago, VirusTotal launched VT Intelligence; a critical component of VT Enterprise which offers users the capability to search over VirusTotal's dataset using advanced search modifiers. VT Intelligence allows security professionals to pinpoint malware based on its structural, behavioural, binary, metadata, etc. properties to uncover entire threat campaigns.For…

Impact of Cache Locality

February 26, 2020 by Sung Park

Sung Park

In the past, we didn't have the opportunity to evaluate as many CPUs as we do today. The hardware ecosystem was simple – Intel had consistently delivered industry leading processors. Other vendors could not compete with them on both performance and cost. Recently it all changed: AMD has been challenging…

Data Encryption on Android with Jetpack Security

February 25, 2020February 27, 2020 by Scott Westover

Scott Westover

Posted by Jon Markoff, Staff Developer Advocate, Android Security Have you ever tried to encrypt data in your app? As a developer, you want to keep data safe, and in the hands of the party intended to use. But if you’re like most Android developers, you don’t have a dedicated…

Improving Malicious Document Detection in Gmail with Deep Learning

February 25, 2020March 10, 2020 by Sarah O'Rourke

Sarah O'Rourke

Posted by Elie Bursztein, Security & Anti-Abuse Research Lead; David Tao, Software Engineer; Neil Kumaran, Product Manager, Gmail Security Gmail protects your incoming mail against spam, phishing attempts, and malware. Our existing machine learning models are highly effective at doing this, and in conjunction with our other protections, they help block…

1 2 3 … 5 Next »