Archive by Author

Malware Campaigns Sharing Network Resources:

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large-scale malware campaign (e.g., redirected traffic, cryptomining). This was discovered when reviewing sources of the various malicious domains used in a recent WordPress plugin exploit wave. Mass Infection of WordPress Websites The latest Easy More Info »

SQL Injection in Magento Core

Magento has released a new security update fixing multiple types of vulnerabilities including Cross-Site Request Forgery, Cross-Site Scripting, SQL Injection, and Remote Code Execution. To be exploited, the majority of these vulnerabilities require the attacker to be authenticated on the site and have some level of privilege. One of the bugs listed includes an SQL More Info »

Stored XSS Patched in WordPress 5.1.1

WordPress recently released an update, 5.1.1, which patches a stored XSS vulnerability in the platform’s comment system. Even 10 days after the release of this security patch, around 60% of all WordPress sites scanned by our services didn’t have this fix applied. We are not aware of any exploit attempts using the vulnerability currently. Should More Info »

How to Choose a Website Security Provider

As more people are creating websites and becoming aware of website security, companies are popping up everywhere to help with the problem. And just like website security plugins, not all website security services are created equal. Here at Sucuri, we believe that you should do your website security comparison research so you know the options available More Info »

Zero-Day Stored XSS in Social Warfare

A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any users visiting the site. A patch has been released and More Info »

0day Vulnerability in Easy WP SMTP Affects Thousands of Sites

The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an affected site — ultimately leading to a complete site compromise. The vulnerability, found only in version 1.3.9, has been seen exploited in the More Info »

More on Dnsden[.]biz Swipers and Radix Obfuscation

After the recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3 #EKFiddle [Regex update]: Added Radix Web Skimmer identified by @unmaskparasites ( domain seen in campaigns: checkip[.]biz — EKFiddle (@EKFiddle) March 17, 2019 Just a brief round up of the Twitter discussion. Neither More Info »

Arbitrary Directory Deletion in WP-Fastest-Cache

The WP-Fastest-Cache plugin authors released a new update, version, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path More Info »

Uncommon Radixes Used in Malware Obfuscation

Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number? I recently decoded a credit card stealing script injected at the bottom of a js/varien/js.js file: There were several layers of obfuscation. During the final stage of decoding, I More Info »