PrestaShop Attack Steals Login Credentials
Moe O Attackers compromise sites with a number of goals in mind – also referred to as actions on objective. In some instances they aim to abuse…
Malicious JavaScript Injected in Plugin Widget
Yuliyan Tsvetkov Each and every day the attackers get more clever and exploit new attack vectors. Sucuri Labs recently found a malicious JavaScript hidden in the database…
Labs Notes Monthly Recap – Nov/2016
Estevao Avillez Time for another monthly recap! If you haven’t seen the other monthly recaps, make sure to check out October and September. Our malware research and…
Vbulletin Infections Fighting for Dominance
Cesar Anjos A very common pattern in compromised websites is the presence of backdoors and other malicious codes. Attackers use different techniques and malware to abuse of…
Ask Sucuri: How to Stop Brute Force Attacks?
Daniel Cid Ask Sucuri: My site is under a brute force attack. What can I do? How can we solve this password guessing problem known as brute…
Magento Login and Credentials Stealer
Krasimir Konov Lately we’ve been dealing with an increase in attacks against ecommerce platforms. Attackers usually choose this type of solution (like Magento & others) because of…
How Scammers Abuse Baidu Search Results
Denis Sinegubko If you use Skype, recently you may have received Baidu link spam from some of your contacts. The links look like this: www.baidu[.]com/link?url=_QIcrpeV-oOPb6HGTgigvW00e0fiBQyFjSui12FrARO#emubahyt= When you click…
“Play One” Hidden Style Obfuscation
For many years, spam injections placed inside legitimate pages remain one of the prevalent types of black hat SEO hacks that we clean. Hackers constantly…
How to Secure Websites for Clients
Dre Armeda In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to use them…
Unrestricted Backend Login Backdoor on OpenCart
From the attacker’s perspective, creating ways to maintain access to a compromised website is desirable. We call them backdoors. Backdoors can be done in different…
Hidden iframe Injected into WordPress core file
Injecting malware into core files of CMS installations is one of the techniques attackers use. From the user’s perspective, it is easier to detect and…