Cookie-nabbing app could have served users side helping of XSS
A popular GDPR compliance WordPress plugin vendor has patched a flaw that rendered both site visitors and admins vulnerable to XSS attacks.

Malicious JavaScript Used in WP Site/Home URL Redirects
Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At this time of writing, we have seen over two thousand new infected sites since we started tracking this infection. The injection seen below is used […]

5 Year Anniversary of the SoakSoak Malware Tsunami
This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software. These days, the majority of popular content management systems are 100% free: WordPress, Magento, Joomla, Drupal, etc. Moreover, most CMS extensions are also free. In fact, modern webmasters can build any type […]

5 Malware & Virus Scanning Tools You Need to Check Out
Website malware is no joke. Our own research shows that with WordPress, by far today’s most common content management system (CMS), new infections are on the rise. Even with security researchers working constantly to uncover and remediate website malware, new threats continue to emerge — and today there are nearly 2 billion different types of […]

Unmasking Black Hat SEO for Dating Scams
Malware obfuscation comes in all shapes and sizes — and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it. Recently, we came across an interesting case where attackers went a few extra miles to make it more difficult to notice the site infection. Mysterious wp-config.php Inclusion: During the […]

5 Website Vulnerability Scanning Tools
Even the most diligent site owners should consider when they had their last website security check. As our own research indicates, infections of the most popular content management systems (CMS) are on the rise. In fact, last year WordPress infections jumped 8%, compared with 2017. That’s why it’s so important to regularly use a website […]

APT review: what the world’s threat actors got up to in 2019
What were the most interesting developments in terms of APT activity during the year and what can we learn from them? This is not an easy question to answer, because researchers have only partial visibility and it’s impossible to fully understand the motivation for some attacks or the developments behind them. However, let’s try to […]

Another Fake Google Domain: fonts.googlesapi.com
Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye. The malicious domain was abusing the URL shortener service is.gd: shortened URLs were being injected into the posts table of the client’s WordPress database. Whenever the infected WordPress page loads, the actual content is obscured […]

The cybercrime ecosystem: attacking blogs
Executive summary: The Cybercrime Ecosystem is a series of articles explaining how cybercriminals operate, what drives them, what techniques they use and how we, regular Internet users, are part of that ecosystem. The articles will also cover technical details and up-to-date research on the threat landscape to provide a more realistic understanding of why this […]

Vulnerable Versions of Adminer as a Universal Infection Vector
This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we’ve been following for the past few years, where site visitors are redirected […]

Throwback Threat Thursday: JCE Vulnerability
Despite WordPress’ market share completely overshadowing other CMS’, Joomla (previously known as Mambo) has still managed to retain its position as the second most popular CMS. In fact, even with a decreasing market share in the overall CMS landscape, there are still well over a million live websites using Joomla to manage their digital content. […]

Fake UpdraftPlus Plugins
We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality. Malicious Plugins Sourced from UpdraftPlus: Attackers have been using different names for these fake plugins, including initiatorseo or updrat123—but any title can be used. While their code […]

APT trends report Q3 2019
For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They […]

How Visiting a Trusted Site Could Infect Your Employees
The Artful and Dangerous Dynamics of Watering Hole Attacks: A group of researchers recently published findings of an exploitation of multiple iPhone vulnerabilities using websites to infect final targets. The key concept behind this type of attack is the use of trusted websites as an intermediate platform to attack others, and it’s defined as a watering hole […]

Patch early, patch often – and patch everything!
Here’s our latest Naked Security Live video – all about WordPress, plugins and patching.

Spam Campaign Abuses PHP Functions for Persistence, Uses Compromised Devices for Evasion and Intrusion
By Augusto Remillano II. One of our honeypots detected a spam campaign that uses compromised devices to attack vulnerable web servers. After brute-forcing devices with weak access credentials, the attackers use them as proxies to forward a base64-encoded PHP script to web servers. The script sends an email with an embedded link to a scam […]

More information
- Crypto exchange in limbo after founder dies with password
- Authentication is all around us! 60 Sec Security [VIDEO]
- Best practices for lowering cyber insurance costs and cyber risk
- Facial recognition still can’t beat a 22 cent pair of sunglasses
- Hackers Charged for Creating 6K Strong Cryptojacking Network
- Advantech Patches Flaws in WebAccess SCADA Software
- Should You Use AES or TKIP for a Faster Wi-Fi Network?
- See how beautiful a DDoS attack can look
- Scotland Yard Twitter and Emails Hacked
- Facebook’s untimely block on Tor mistakenly freaks out activists