Archive by Author

Fake SUPEE-5344 Patch Steals Payment Details

In case you don’t know, SUPEE-5344 is an official security patch to the infamous Magento shoplift bug. That bug allows bad actors to obtain admin access to vulnerable Magento sites. While the patch was released February 2015 many sites unfortunately did not update, this gave hackers an opportunity to compromise thousands of Magento powered online stores. The anatomy of theRead […]

Seo-moz.com SEO Spam Campaign

Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by linking visitors to unwanted websites and stuffing spam keywords into the site. These links and keywords help the spam websites to rank higher in search engines like Google, sending evenRead […]

Magento PCI Compliance Issues and Theft Over TLS

With about 30% of the market share, Magento is gradually becoming a “WordPress” of the ecommerce world. Like WordPress, it becomes a major target for hackers due to its popularity. However, in the case of Magento, the main goal that hackers pursue is to steal money, either from shop customers or the shop owners. DuringRead […]

Server Security: Import WordPress Events to OSSEC

We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response. It provides complete coverageRead […]

Massive Admedia/Adverting iFrame Infection

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing features of this malware are: 32 hex digit comments at the beginning and end of the malicious code. E.g. /*e8def60c62ec31519121bfdb43fa078f*/ This comment is unique on every infected site. Most likely an MD5Read […]

The Risks of Hiring a Bad SEO Company

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by services claiming to improve your website traffic or Search Engine Optimization (SEO). We recently received a report from one our clients claiming that their website was experiencing a DistributedRead […]

Security Advisory: Stored XSS in Magento

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 7/10 Vulnerability: Stored XSS Patched Version:  Magento CE: 1.9,2.3, Magento EE: 1.14.2.3 During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely. We notified the Magento team and worked with them toRead […]

Server Security: OSSEC Integrates Slack and PagerDuty

We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response. It provides complete coverageRead […]

Ransomware Strikes Websites

Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as any hard drives connected to the machine – pictures, videos, text files – you name it. This means that all of your files are locked. The attackersRead […]

Malicious Pastebin Replacement for jQuery

Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats as they evolve. We wrote in the past about fake jQuery scripts and how hackers use Pastebin.com to host malware. This time, we will show you an attack thatRead […]