BF-SIRT Newsletter 2014-32

Welcome to the newsletter! The biggest news this week is about how a group in Russia have manages to amass 1.2B email account credentials, and on top of that there are some posts of our own regarding OpenSSL, Drupal and WordPress. DDoS attacks are also going down, given that NTP servers are being patched which is great news, but it’s likely that other services will be abused instead.

Top 5 Security links
New site recovers files locked by cryptolocker ransomware
How to find website vulnerabilities using Wikto
QA on the reported theft of 1.2B email accounts
Hacker group targets video game companies to steal source code
New malware has no files

Top 5 Business Intelligence links
HTTPS used as ranking signal for Google searches
Crouching Yeti APT campaign stretches back four years
92% of brands fail email security test
Russian hackers amass 1.2B email accounts
DDoS attack volumes plummet as NTP servers got patched

Basefarm Posts
OpenSSL update available – patches 9 vulneabilities
WordPress and Drupal patched for DDoS vulnerability