Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On April 06, 2015

April 1, Help Net Security – (International) WordPress sites compromised to redirect to Pirate Bay clone, exploit kit. Security researchers at Malwarebytes identified a malware campaign that uses an unknown number of compromised WordPress Web sites containing iframes that direct users to a site hosting the Nuclear exploit kit, which leverages an Adobe Flash Player vulnerability in versions before 16.0.0.287 to download a banking trojan. Source

April 1, Softpedia – (International) Firefox 37 fixes critical flaws, adds OneCRL certificate revocation mechanism. Mozilla released an update for its Firefox browser that addresses several critical vulnerabilities, including two type confusion flaws, two memory corruption crashes, a use-after-free error, and memory safety hazards that could have allowed attackers to run arbitrary code on users’ systems. Firefox version 37 also includes OneCRL, a feature that allows developers to update the list of revoked certificates without pushing a new application update. Source

March 31, Softpedia – (International) Google bans 192 bad extensions affecting 14 million Chrome users. Google removed 192 extensions from its Web store that contained ad injectors that exposed up to 14 million users to risks of man-in-the-middle (MitM) attacks and links to install dangerous software, after researchers at the University of California, Berkeley devised a method to root out potentially malicious extensions. Findings from a recent Google study confirmed that 5 percent of all visitors to Google sites have ad injectors present on their systems, and that 34 percent of Chrome extensions that contained ad injectors were classified as malware. Source

 

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.