The Details Behind the Akeeba Backup Vulnerability

It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download backups from a target website using the extension’s JSON API. As promised, here are the technical details describing how it was possible for us to send valid requests to the API and download our test website’s database and file backups.

Getting to Know the Code’s Structure

Here’s where the main event takes place. Note that $request->body contains our decrypted JSON payload. This will be useful later on:


Malvertising Payload Targets Home Routers

A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario the attackers embedded iFrames to do the heavy lifting; the shortfall with this method is that they require a

Drupal SQL Injection Attempts in the Wild

Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of Drupal 7.x. Our last post shared some thoughts on the issue, specifically concerns around

Highly Critical SQL Injection Vulnerability Patched in Drupal Core

The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely by non-authenticated users and was classified as "Highly Critical" by the Drupal Security

Vulnerability Disclosed in SSL 3.0 – This Poodle Bites

It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online Security Blog. While SSL 3.0 has already been around for almost 15 years, it's still being used throughout the

WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability

The popular MailPoet (wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to vulnerable sites. This issue was disclosed months ago and the MailPoet team patched it

Website Attacks – SQL Injection And The Threat They Present

We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a SQL Injection (SQLi). Some might know what a SQL Injection (SQLi) attack looks like, but

Phishing with help from Compromised WordPress Sites

We get thousands of spam and phishing emails daily. We use good spam filters (along with Gmail) and that greatly reduces the noise in our inbox. Today though, one slipped through the cracks and showed up in my personal inbox:

Website Security: A Case of SEO Poisoning

There are so many ways your website can be co-opted by hackers, for many different reasons; targeting the value created via your SEO is highly attractive. It provides an attacker the opportunity to cheat the system by quickly benefiting from your raw

Joomla! 3.3.5 Released – Fixing High Priority Security Issues

Update: It seems like there is a glitch in the new version and the Joomla team is urging its users not to upgrade yet. From their Twitter: Original post: The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching high