Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In a routine audit of our Website Firewall we discovered a serious vulnerability within the Hikashop ecommerce product for Joomla! allowing remote code execution on the vulnerable website[s]. What are the risks? This […]
Website Malware – Curious .htaccess Conditional Redirect Case
I really enjoy when I see different types of conditional redirects on compromised sites. They are really hard to detect and always lead to interesting investigations. Take a look at this last one we identified: The curious aspect about it is the usage of a not so common .htaccess feature: variables. Most conditional injections rely […]
Conditional Malicious iFrame Targeting WordPress Web Sites
We have an email, [email protected] where we receive multiple questions a day about various forms of malware. One of the most common questions happen when our Free Security Scanner, SiteCheck, detects a spam injection or a hidden iframe and the user is unable to locate the infection in the source code. It’s not until we […]
WordFence WordPress Security Plugin Pushes a Security Update
If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a security update that could be affecting your install. It is important to note however that what is interesting about this release is that it was actually a Low Severity issue. […]
Understanding the WordPress Security Plugin Ecosystem
As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one persons ear, and that message gets relayed around the circle? Wasn’t it always funny to see what the final message received would be? Oh and how it would have morphed […]
Website Security – Compromised Website Used To Hack Home Routers
What if we told you that a compromised website has the ability to hack your home router? Yesterday we were notified that a popular newspaper in Brazil (politica.estadao.com.br) was hacked and loading several iFrames. These iFrames were trying to change the DNS configuration on the victim’s DSL router by Brute Forcing the admin credentials. Sucuri – […]
Security Advisory – Critical Vulnerability in the VirtueMart Extension for Joomla!
Advisory for: VirtueMart for Joomla! Security Risk: High Exploitation level: Easy/Remote Vulnerability: Access control bypass / Increase of Privilege If you’re using the popular VirtueMart Joomla! extension (more than 3,500,000 downloads), you should update right away. During a routine audit for our Website Firewall product we found a critical vulnerability that could be used by a […]
Microsof IIS Web Server – CMD Process Contributing to Website Reinfections
We often spend a lot of time talking about application level malware, but from time to time we do like to dabble in the ever so interesting web server infections as well. It is one of those things that comes with the job. Today, we’re going to chat about an interesting reinfection case in which […]
Anatomy of 2,000 Compromised Web Servers used in DDoS Attack
One of our clients was being attacked by a layer-7 DDoS attack for more than a week. The attack was generating around 5,000 HTTP requests per second, which took his site and server down. It also caused his hosting company to suspend his server for “ToS violation”. Yes, some hosting companies consider a ToS violation […]
Slider Revolution Plugin Critical Vulnerability Being Exploited
Mika Epstein, Ipstenu, of Dreamhost, notified us today of a serious vulnerability in the WordPress Slider Revolution Premium plugin which was patched silently. It turns out that the vulnerability was disclosed via some underground forums, this led to a fix by the developers a few weeks later. The developer did not see a need to […]
