Websites Compromised with CloudFrond Injection
If you haven’t already noticed, we spent a good deal of time scraping the bottom of the interweb barrel, it’s dirty work, but someone has to do it. I’m not going to lie though, to us it’s fascinating digging up little nuggets daily, understanding how attackers think and uncovering the latest trends. Besides, it gives […] more…Facebook Users Targeted By Android Same Origin Policy Exploit
A few months back we discussed the Android Same Origin Policy (SOP) vulnerability, which we later found to have a wider reach than first thought. Now, attacks are found under the collaboration of Trend Micro and Facebook, which actively attempt to exploit this particular vulnerability, whose code we believe was based in publicly available Metasploit code. This attack targets Facebook users […] more…What’s New in Exploit Kits in 2014
Around this time in 2013, the most commonly used exploit kit – the Blackhole Exploit Kit – was shut down after its creator, Paunch, was arrested by law enforcement. Since then, a variety of exploit kits has emerged and have been used by cybercriminals. The emergence of so many replacements has also meant that there […] more…SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11
Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it; it uses the RevSlider vulnerability as a point of penetration, then uploads a backdoor and infects all websites that share the same server account. This means websites that don’t use the RevSlider plugin […] more…Malvertising on a Website Without Ads
When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless ofcourse the server was previously compromised, which in it of itself is another conversation outright. Barring that one instance, the new website should not exhibit any malicious behavior. […] more…IIS, Compromised GoDaddy Servers, and Cyber Monday Spam
While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites, and all those websites were on IIS servers. When I see these patterns, I try to dig deeper and figure out what else those websites have in common. This time […] more…Security advisory – High severity – InfiniteWP Client WordPress plugin
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation and potential Object Injection vulnerability. Patched Version: 1.3.8 If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website Firewall […] more…Typos Can have a Bigger Impact Than Expected
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk in that? You may have seen the Grammar Police all over your comments yelling that you used the wrong version of “your” and pointing […] more…The Dangers of Hosted Scripts – Hacked jQuery Timers
Google blacklisted a client’s website claiming that malicious content was being displayed from forogozoropoto.2waky.com. A scan didn’t reveal anything suspicious. The next step was to check all third-party scripts on the website. Soon we found the offending script. It was hxxp://jquery.offput.ca/js/jquery.timers.js – a jQuery Timers plugin that was moderately popular 5-6 years ago. Right now, […] more…Who’s Behind Operation Huyao?
As previously discussed Operation Huyao is a well-designed phishing scheme that relys on relay/proxy sites that pull content directly from their target sites to make their phishing sites appear to be more realistic and believable. Only one such attack, targeting a well-known Japanese site, has been documented. No other sites have been targeted by this attack.Publicly available information suggests that […] more…Root Cause Analysis of CVE-2014-1772 – An Internet Explorer Use After Free Vulnerability
We see many kinds of vulnerabilities on a regular basis. These range from user-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It’s rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability – CVE-2014-1772. We’d […] more…Malicious iFrame Injector Found in Adobe Flash File (.SWF)
Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iFrame is used to drop a binary browser exploit with .SWF files, infecting the client machine. This time we saw the opposite, where a binary .SWF file injects an invisible iFrame. This is an […] more…An In-Depth Look Into Malicious Browser Extensions
Malicious browser extensions bring about security risks as these often lead to system infection and unwanted spamming on Facebook. Based on our data, these attacks have notably affected users in Brazil. We have previously reported that cybercriminals are putting malicious browsers in the official Chrome Web store. We also came across malware that bypasses a Google security […] more…Threat Introduced via Browser Extensions
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, our usual suspects are: Vulnerabilities in website software Trojanized software from untrusted sources (e.g. pirated themes and plugins) Stolen or brute-forced credentials (anything from FTP and SSH […] more…Popular Brazilian Site “Porta dos Fundos” Hacked
A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you can see from our Sitecheck results: SiteCheck Detected Malware on Porta dos Fundos If you do not want the joke to be on you, do not visit this site (portadosfundos) […] more…YouTube Ads Lead To Exploit Kits, Hit US Victims
Malicious ads are a common method of sending users to sites that contain malicious code. Recently, however, these ads have showed up on a new attack platform: YouTube. Over the past few months, we have been monitoring a malicious campaign that used malicious ads to direct users to various malicious sites. Users in the United States have […] more…More information
- Microsoft Windows Hyper-V CVE-2018-8490 Remote Code Execution Vulnerability
- Security industry to female hackers: We want YOU!
- SiteCheck Malware Trends Report – Q3 2022
- Anonymous plans more attacks on Chinese Web sites
- Huawei Accuses US of Cyberattacks, Coercing Employees
- Office DDE attack works in Outlook too – here’s what to do
- Is this how Apple will support app sideloading in Europe?
- Zero Networks Raises $55 Million for Microsegmentation Solution
- Enterasys to demo mobile management software for BYOD
- Facing your OS or mail server’s end of life? Google can help.