We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code on web pages, our usual suspects are: Vulnerabilities in website software Trojanized software from untrusted sources (e.g. pirated themes and plugins) Stolen or brute-forced credentials (anything from FTP and SSH […]
Archive by Author
ASP Backdoors? Sure! It’s not just about PHP
I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need to correct that perception. While they do make up an interesting percentage, there are various other platforms and languages that have similar if not more devastating implications. Take into consideration […]
Google Blacklists Bit.ly
If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its Safe Browsing program. It means that anyone using Chrome, Firefox or Safari will get a nasty The site ahead contains malware warning when visiting a bit.ly link: Why would Google […]
Popular Brazilian Site “Porta dos Fundos” Hacked
A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you can see from our Sitecheck results: SiteCheck Found Malware on Porta dos Fundos If you do not want the joke to be on you, do not visit this site (portadosfundos) […]
Manipulating WordPress Plugin Functions to Inject Malware
Most authors of website malware usually rely on the same tricks making it easy for malware researchers to spot obfuscated code, random files that don’t belong, and malicious lines injected at the top of a file. However, it can become difficult when the malware is buried deep within the lines of code on normal files.. […]
The Details Behind the Akeeba Backup Vulnerability
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download backups from a target website using the extension’s JSON API. As promised, here’s the technical details describing how it was possible for us to send valid requests to the API and […]
Malvertising Payload Targets Home Routers
A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario the attackers embedded iFrames to do the heavy lifting, the short fall with this method is they require a website to inject the iFrame. As is often the case, tactics […]
Drupal SQL Injection Attempts in the Wild
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of Drupal 7.x. In our last post, we talked about the vulnerability and that we expected to see attacks starting very soon due to how severe and easy it was to […]
Highly Critical SQL Injection Vulnerability Patched in Drupal Core
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely by non-authenticated users and was classified as “Highly Critical” by the Drupal Security team. More information is available in their public advisory: Posted by Drupal Security Team on October 15, […]
Vulnerability Disclosed in SSL 3.0 – This Poodle Bites
It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online Security Blog. While SSL 3.0 has already been around for almost 15 years, it’s still being used throughout the Web, and nearly every browser supports it. The key point though, […]
