“Unfortunately, it’s likely your site was hacked.”
Google has launched a new “Help for Hacked Sites” information series to help site owners deal with hacking and understand how to recover their hacked websites.
There are articles and informative videos, detailing both what to do in case you are hacked, and help diagnose specific malware infection types. More information on Google Online Security Blog Thank you Google, it is a great resource!
Other resources: Read also “Compromised Websites: An Owner’s Perspective.” – A study by StopAdware found that 26% of webmasters who had their sites hacked reported their sites were still compromised.
How Secure is The Cloud?
The Evernote hack this past weekend forced 50 million users to reset their passwords and reflect on the significance of securing their online data. What good is storing your data in the Cloud if the provider is lax with security? While a secure second copy of your data is always your best defense against data loss, it is of no use if your perceived precaution is in fact a risk of not just losing your data, but making it public and available.
It is a great reminder of how important a good password is. But it is also a stark reminder to ask your cloud provider some critical questions about their security.
After the security breach Evernote announced that it plans to adopt two-factor authentication as quickly as possible.
“We were already planning to roll out optional two-factor authentication to all of our users later this year,” said Evernote spokeswoman Ronda Scott via email to their customers. “We are accelerating those plans now.” Should they not have thought about that before?
Read also eSecurity Planet: Evernote to Add Two-Factor Authentication Following Breach
Read also: Protecting your online security – Your guide to safe passwords
Apple’s App Store lacking Encryption
CSO Online reports that Apple’s App Store lacked encryption protection for months:
“Apple’s app store operated for months without the protection of SSL encryption, according to researchers.
Apple announced it had fixed the problem in January, but the researchers who discovered the flaw didn’t write about it until this month.”
The article is worth reading in full, as it gives a comprehensive overview of all the various ways in which users of the App store could be compromised.
Theola malware uses a Chrome plugin for banking fraud
Welivesecurity reports “how Theola malware uses a Chrome plugin for banking fraud”
“Theola malware uses a Chrome plugin for banking fraud
Win32/Theola is one of the most malicious components of the notorious bootkit family, Win32/Mebroot.FX (known since 2007). The Theola family encompasses malicious browser plugins installed by Mebroot for banking fraud operations.
We have been tracking an increase in detections of these plugins since the end of January 2013. The countries where Theola is most commonly detected are the Netherlands, Norway, Italy, Denmark and Czech Republic.”
Interesting reading for the technically minded.
(Win32/Mebroot.FX Removal information here)
Finally … China claims it is willing to talk to U.S about Cybersecurity
“Responding to a U.S. request for “constructive direct dialogue” about cyberattacks, the Chinese government says it’s ready to sit down and talk.
The U.S. and China both say they want to directly discuss the issue of cybersecurity, but the odds of an open discussion are slim at best.”
from an article on Cnet News
Interesting reading in light of the hacking of major US newspapers at the beginning of the year.