We have recently published posts regarding banking malware and some of the ways it uses compromised websites to infect victim’s devices (smartphones, computers, POS terminals). Now let us look into some of the methods that cybercriminals use to monetize stolen information like bank accounts, credit cards, and personal information. Infected Ecommerce Website to Darknet Markets […]
Tag Archives: Website Security
Typo 3 Spam Infection
Here at Sucuri most of the malware that we deal with is on CMS platforms like: WordPress, Joomla, Drupal, Magento, and others. But every now and then we come across something a little different. Blackhat SEO Infection in Typo3 Just recently, I discovered a website using the Typo3 CMS that had been infected with a […]
Sucuri’s 10th Anniversary
It feels like yesterday, but it has been 10 years since the domain sucuri.net was registered. Happy 10th Birthday, Sucuri! For us, 2009 marks the birth of the brand as it represents the day when the open-source project secured its name. The first Sucuri service was originally called NBIM (Network Based Integrity Monitoring). Sucuri intended […]
Reset Email Account Passwords After a Website Malware Infection
It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners — spam can lead to the blacklisting of a web host’s mail server IPs, or the domain name itself may be placed on blacklists like Spamhaus DBL. Reset Email Passwords […]
PCI for SMB: Requirement 12 – Maintain an Information Security Policy
Welcome to the final post to conclude our series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles written about PCI, we covered the following: Requirement 1: Build and […]
ThinkPHP 5.x Remote Code Execution
Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you keep track of your site’s activity, the following log may look familiar: POST: /index.php?s=captcha HTTP/1.1 Data: _method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=uname&ipconfig In December 2018, a working exploit was released for the versions v5.0.23 and […]
From .tk Redirects to PushKa Browser Notification Scam
In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities (patched a long time ago) found in a variety of outdated themes and plugins. However, it also adds new vulnerabilities as soon as they are disclosed—like the recent Social Warfare […]
Attacks on Closed WordPress Plugins
The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly. However, bad actors are actively monitoring the WordPress plugin repository, paying close attention to these closed plugins. This may result in massive attacks if the attacker is able to identify the […]
DDoS Targeting WordPress Search
Have you ever stopped to think about how many resources a search engine has or if your website could handle the same amount of search traffic that Google does? Search engines play an important role on the internet and with how websites perform. One may say that they are the actual doorway to the online […]
Malware Campaigns Sharing Network Resources: r00ts.ninja
We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g redirected traffic, cryptomining). This was discovered when reviewing sources of the various malicious domains used in a recent WordPress plugin exploit wave. Mass Infection of WordPress Websites The latest Easy […]
