HTTPS Everywhere 3.0 Released

The EFF has released an updated version of its popular HTTPS Everywhere browser plugin, which enables users to automatically connect over HTTPS to many sites. The newest version of the extension now supports more than 1,500 sites.

Adobe, Microsoft Issue Updates for Critical Flaws in Flash Player

Adobe earlier today issued a security update for its Flash Player to seal serious security vulnerabilities that could crash and possibly allow remote control of machines with the popular media software installed. Microsoft also issued a security advisory for similar vulnerabilities that could impact users of Internet Explorer 10 as well as all supported editions of Windows 8 and Windows Server 2012.

Dorkbot Now Worming Its Way through Skype

The Dorkbot worm that fooled many a Facebook and Twitter user is now socially engineering Skype users into downloading the malware, whose payload now includes a mechanism to lock down machines. Various antivirus and security companies are reporting the latest iteration rummages through an infected Skype user’s contact list and sends the message “Lol is this your new profile pic?” in English. It sends a similar message in German, too.


Hundreds of thousands of users who signed up for an inexpensive proxy service called Proxybox.name got quite a steal alright. They ended up installing a Trojan horse linked to a botnet first detected last summer. Researchers at Symantec reverse engineered the Backdoor.Proxybox malware and unearthed a major black hat operation and perhaps the actual malware developer.

It’s been just a few days since NIST approved Keccak as the winner of the SHA-3 competition, and it likely will be some time before we begin seeing the new hash algorithm popping up in common products and services. However, some in the cryptography community say it may not be a bad idea to start making plans to move away from the older SHA-1 algorithm fairly soon, given the quickly dropping cost of compute power.

Malware intent on SMS fraud, also known as toll fraud, has been a constant on mobile platforms, Android in particular, for some time. And FakeInst is definitely king of the hill when it comes to this type of malware. Prevalent in Russia and the rest of Eastern Europe, the malware poses as popular applications, free games or screensavers and, once installed, sends premium SMS messages to a service controlled by an attacker. The malware also intercepts messages confirming the charges from wireless providers and, ultimately, the user is socked with a massive phone bill while the attacker quietly cashes in. A recent report from Lookout Security said toll fraud malware accounted for 91% of mobile malware and FakeInst malware has netted more than $10 million this year for the attackers behind the malware.

Adobe’s revocation of a code-signing certificate that had been used by attackers to sign several malicious utilities sparked concerns in the security community about widespread malware attacks using those utilities. The key concern was that most antimalware systems will implicitly trust files that are digitally signed and so would pass them by without flagging them as malicious. However, security researchers say that the utilities, while still circulating, aren’t being used in large-scale attacks.

A flurry of fake, ad-laden Angry Birds lookalike games have flooded the Google Chrome Web store of late. The online marketplace where Google sells extensions and games for its Chrome browser has seen an influx of games mimicking “Bad Piggies,” a new game Rovio Entertainment recently released that puts a twist on its ubiquitous Angry Birds game.
