SPAM Hack Targets WordPress Core Install Directories
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like “Google Pharmacy” stores or other fake stores? We have been tracking and analyzing a growing trend in SEO Spam (a.k.a., Search Engine Poisoning (SEP)) attacks in which thousands of compromised WordPress websites are being used […]
CloudProxy + SPDY = A Faster Website
Our CloudProxy Firewall already protects and speeds load times for 1,000s of websites. Now, it’ll be even faster. We’re happy to announce that we just added support for SPDY (pronounced speedy) across all of our plans and servers. Any website being protected by our CloudProxy firewall can enable SPDY support with just one click: If […]
WordPress Plugin Alert — LoginWall Imposter Exposed
When you work with malware for a while, you start to become very good at pattern recognition. A couple sites in every hundred cleaned might be infected in a similar way and remembering the initial problem helps to quickly solve the problem for the current site. You might not know exactly why something seems fishy […]
Take Back Your Internet – Demand a Safer Web
Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out by multiple compromised websites on a single server and about adsense blackmail. We’ve written about how attackers hit these sites because that’s what we do. We figure out what they’re doing […]
ANTIFULAI Targeted Attack Exploits Ichitaro Vulnerability
Targeted attacks are difficult to detect and mitigate by nature. We recently uncovered a targeted attack campaign we dubbed as “ANTIFULAI” that targets both government agencies and private industries in Japan. In our 2H 2013 Targeted Attack Trends report, we found that 80% of the analyzed cases of targeted attacks hit government institutions. Like many targeted attacks, ANTIFULAI uses […]
Citrix Apps Used as Lure in Targeted Attack Against Global Airline
The effectiveness of a social engineering lure depends on relevance, and while in past attacks this could mean state-related issues, in some cases, it can be as specific as a particular service. We recently dealt with a targeted attack aimed at a major global airline that used certain Citrix products and services as its social engineering lure. The use […]
Microsoft Updates Internet Explorer against Highly Targeted 0day Distributing Pirpi
The patch is up! Microsoft is pushing out an Out of Band (OOB) security update MS14-021 to address the recently disclosed Internet Explorer 0day exploit incidents involving a known, high end threat actor. Cheers to a quick response from such a large vendor on this issue! The story goes like this. The week of the […]
Targeted Attacks and Ukraine
Let’s start by stating that we know this blog post is dated April 1st. However, this is not an April Fools joke. In 2013, a series of attacks against European governments was observed by Kaspersky Lab. The malware in question, known as MiniDuke, had many interesting features: it was tiny in size at 20KB. It […]
JCE Joomla Extension Attacks in the Wild
Our friends from SpiderLabs issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content Editor) vulnerability. JCE is a very popular component that can be found enabled on almost any Joomla site. It has had a few serious vulnerabilities in the past (around 2011 […]
Gameover ZeuS Targets Monster
Recently, we obtained a current Gameover ZeuS configuration file and we noticed that in addition to CareerBuilder — Gameover now also targets Monster. Here’s the legit hiring.monster.com URL: A computer infected with Gameover ZeuS will inject a new “Sign In” button, but the page looks otherwise identical: And then the following “security questions” are requested […]
Understanding Denial of Service and Brute Force Attacks – WordPress, Joomla, Drupal, vBulletin
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just this week we put out a post titled More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack. What’s the Big Deal? Remember life before social media? How quiet and […]
The Siesta Campaign: A New Targeted Attack Awakens
In the past few weeks, we have received several reports of targeted attacks that exploited various application vulnerabilities to infiltrate various organizations. Similar to the Safe Campaign, the campaigns we noted went seemingly unnoticed and under the radar. The attackers orchestrating the campaign we call the Siesta Campaign used multicomponent malware to target certain institutions that […]
Mysterious Zencart Redirects Leverage HTTP Headers
About a week ago we got an interesting Zencart case. Being that we don’t often write about Zencart we figured it’d be a good time to share the case and details on what we found. The Scenario The site was redirecting to “www .promgirl .de”. I know, not very unique. Additionally, it was only affecting “www” […]
New IE Zero-Day Targets IE9 and IE10
A new zero-day vulnerability in certain versions of Internet Explorer has been identified and is being used in targeted attacks. Microsoft has not released an official bulletin acknowledging this vulnerability yet, but has spoken to news sites and confirmed that both Internet Explorer 9 and 10 are affected. The newest version, Internet Explorer 11, does not […]
Malware and Winter Olympics
Whenever there’s a global sporting event, we get questions about the “cyber” angle. Could an event like The Olympics be targeted by malware outbreaks, or maybe DDoS attacks? And while there are some real security concerns, most coverage of cyber attacks during Olympics ends up being incorrectly reported or just hype. This is not […]
Many Pieces of a Puzzle: Target, Neiman Marcus and Website Hacking
Corporations get hacked all the time. This is not news to anyone in the security business, but it has certainly received a lot of attention from those in the media over the last few weeks because of a couple of large-scale credit card events at both Target and Neiman Marcus. For the average person, website […]