The Hacker Returns: A Backdoor Edition
Moe O Once an attacker manages to hack and gain access to a target site or system, they typically work hard to maintain their access—as long as…
Browsing Category
Website Malware Infections
837 posts
Plugins Under Attack: August 2019
John Castro This is an update for the long-lasting malware campaign targeting vulnerable plugins during August and September. Please check our previous updates below: Multi-Vector Attack in…
Unauthenticated settings update in woocommerce-ajax-filters
woocommerce-ajax-filters, which currently has over 10,000 installations (versions <=1.3.6) allows unauthenticated attackers to arbitrarily update all the plugin options and redirect any user to an…
Misuse of WordPress update_option() function Leads to Website Infections
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function…
Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection
Fioravante Souza Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these…
What is Cryptocurrency Mining Malware?
Brian Bautista Before we get into the details of “Cryptocurrency Mining Malware”, we need to understand first what cryptocurrency is and what miners are. What is Cryptocurrency?…
TimThumb Attacks: The Scale of Legacy Malware Infections
Denis Sinegubko These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its…
Lack of controls when using WordPress’ update_option() with user input data equals plugin nightmare
As mentioned in recent posts, WordPress’ update_option() function is used to update any option in the options database table. If the permission flow when using…
What Hackers Do after Gaining Access to a Website
Pilar Garcia A hack or cyber attack is the act of maliciously entering, taking control over, or manipulating by force a web application, server, or file that…
Skimmers and Phishing
Recently, we shared a post about a network of domains used in a JavaScript credit card stealing malware campaign. These domains are all hosted on…
KOSONG Credit Card Stealer
Our security analyst Christopher Morrow recently discovered a server-side Magento skimmer that was injected into the savePayment function in the app/code/core/Mage/Checkout/Model/Type/Onepage.php file. This code emails…