How to Create a Free Website
In this day and age, it is imperative for all businesses to have their own online presence. Most prospective customers will want to do a search online for your business, and if they see no website, they will be unlikely to make use of your services. But fear not! Building your own website doesn’t need […]

Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer Can Let Attackers Steal Files, System Info
By: Ranga Duraisamy and Kassiane Westell (Vulnerability Researchers). A zero-day extensible markup language (XML) external entity (XXE) injection vulnerability in Microsoft Internet Explorer (IE) was recently disclosed by security researcher John Page. An attacker can reportedly exploit this vulnerability to steal confidential information or exfiltrate local files from the victim’s machine. Page tested the vulnerability […]

From .tk Redirects to PushKa Browser Notification Scam
In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities (patched a long time ago) found in a variety of outdated themes and plugins. However, it also adds new vulnerabilities as soon as they are disclosed, like the recent Social Warfare […]

SQL Injection in Advance Contact Form 7 DB
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form 7 DB WordPress plugin. Current State of the Vulnerability: this plugin saves all Contact Form 7 submissions to the database using a friendly interface. Though the bug has been fixed […]

Malware Campaigns Sharing Network Resources: r00ts.ninja
We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large-scale malware campaign (e.g. redirected traffic, cryptomining). This was discovered when reviewing sources of the various malicious domains used in a recent WordPress plugin exploit wave. Mass Infection of WordPress Websites: the latest Easy […]

Cryptocurrency businesses still being targeted by Lazarus
It’s hardly news to anyone who follows cyberthreat intelligence that the Lazarus APT group targets financial entities, especially cryptocurrency exchanges. Financial gain remains one of the main goals for Lazarus, with its tactics, techniques, and procedures constantly evolving to avoid detection. In the middle of 2018, we published our Operation AppleJeus research, which highlighted Lazarus’s […]

Zero-Day Stored XSS in Social Warfare
A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any user visiting the site. A patch has been released and […]

Beware of Keyloggers – This is How Hackers Crack Accounts
The supposedly big hurdle for hackers when accessing accounts such as email, Facebook, online banking and so on is the password. However, the password seems to be no big deal anymore for digital burglars. Passwords can be spied out via so-called keyloggers. A keylogger is software that records the keystrokes and thus the string of […]

With Mirai Comes Miori: IoT Botnet Delivered via ThinkPHP Remote Code Execution Exploit
By Augusto Remillano II and Mark Vicente (Threats Analysts). The exploitation of vulnerabilities in smart devices has been a persistent problem for many internet of things (IoT) users. Perhaps the most infamous IoT threat is the constantly evolving Mirai malware, which has been used in many past campaigns that compromised devices with default or weak […]

Ghosts of Botnet’s Past, Present, and Future
‘Twas the morning of October 21st, and all through the house many IoT devices were stirring, including a connected mouse. Of course, this wasn’t the night before Christmas, but rather the morning of Dyn, the 2016 DDoS attack on the service provider that took the entire East Coast offline for a few hours. The […]

Clever SEO Spam Injection
It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website. The Traditional Approach: there are two common approaches attackers use to inject SEO spam on websites: injecting HTML […]

Using Innocent Roles to Hide Admin Users
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles. The way capabilities are handled in WordPress makes it quite easy to change what each role is allowed […]

Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigation shows that the issue is related to a security vulnerability in the WP GDPR Compliance plugin for WordPress (with 100,000+ active installations). The new General Data Protection Regulation (GDPR) laws in the EU have made […]

10 Tips to Improve Your Website Security
Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!, Drupal, Magento, and others allow business owners to build an online presence rapidly. The CMSs’ highly extensible architectures, rich plugins, and effective modules have reduced the […]

Multiple Ways to Inject the Same Tech Support Scam Malware
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites. Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club. At the time of this writing, PublicWWW finds the most common patterns […]

Outdated Duplicator Plugin RCE Abused
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting their wp-config.php file. These cases are all linked to the same vulnerable software: the WordPress Duplicator plugin. Versions lower than 1.2.42 of the Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is […]

More information
- Marquis Data Breach Affects 672,000 Individuals
- Google warns of Android flaw used to gain root access to devices
- AI-Powered Super Soldiers Are More Than Just a Pipe Dream
- US Food Companies Warned of BEC Attacks Stealing Food Product Shipments
- Where to Find Quality Final Drive Motors For Your Heavy Equipment
- Researchers Analyze Traffic Statistics of Popular Cybercrime Forums
- Google-Nest merger reawakens privacy worries
- In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale
- YouTube star hit with copyright lawsuit, label seeks $150,000 per song
- Facebook is a bad way to rate potential employees, study finds