Archive by Author

Distributed Vulnerability Search – Told via Access Logs

Sometimes just a few lines of access logs can tell a whole story… Many ongoing attacks against WordPress and Joomla sites use a collection of known vulnerabilities in many different plugins, themes and components. This helps hackers maximize the number of sites they can compromise. Google Dorks Do you ever think about how hackers findRead […]

jQuery.min.php Malware Affects Thousands of Websites

Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Every now and then we write about such attacks. Almost every week we see new fake jQuery domains and scripts that mimic jQuery. For example, one of the most prevalent malware infectionsRead […]

vBulletin Exploits in the Wild

The vBulletin team patched a serious object injection vulnerability yesterday, that can lead to full command execution on any site running on an out-of-date vBulletin version. The patch supports the latest versions, from 5.1.4 to 5.1.9. The vulnerability is serious and easy to exploit; it was used to hack and deface the main vBulletin.com website. As aRead […]

Return of the EXIF PHP Joomla Backdoor

Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats that aren’t new but may be reoccuring. Such as today’s post, in which we explore a case we shared close to two years ago whereRead […]

WPScan Intro: WordPress Vulnerability Scanner

Have you ever wanted to run security tests on your WordPress website to see if it could be easily hacked? WPScan is a black box vulnerability scanner for WordPress sponsored by Sucuri and maintained by the WPScan Team, available free for Linux and Mac users. If you use Windows, you can install a virtual machineRead […]

Joomla SQL Injection Attacks in the Wild

  Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows for an attacker to take over a vulnerable site with ease. We predicted that the attacks would start in the wild very soon, due to the popularity of the Joomla platform alongRead […]

Joomla 3.4.5 released. Fixing a serious SQL Injection vulnerability

The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticated SQL injection on the com_contenthistory module (included by default) that allows for a full take over of the vulnerable site. Directly from the Joomla announcement: Joomla! 3.4.5 is now available.Read […]

Massive Magento Guruincsite Infection

We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes from “guruincsite[.]com“. Google already blacklisted about seven thousand sites because of this malware. There are two modifications of it. The first script is in not obfuscated: Simple guruincsite script and the second one is obfuscated Obfuscated guruincsite script The obfuscatedRead […]

Security Advisory: Stored XSS in Akismet WordPress Plugin

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 9/10 Vulnerability: Stored XSS Patched Version:  3.1.5 During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs. Vulnerability Disclosure Timeline: October 2nd, 2015 – Bug discovered, initial report to Automattic security team October 5th, 2015Read […]

Redirect to Microsoft Word Macro Virus

These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It’s not just email attachments when it comes to sharing infected documents. For example, this malicious file was found on a hacked Joomla site by our analyst Krasimir Konov. This scriptRead […]