Tag Archives: javascript

A Plugin’s Expired Domain Poses a Security Threat to Websites

Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clients and our readers. Applying updates quickly will make sure that you replace any vulnerable code as soon as the security patch is released. However, this isn’t the only reason to keep… More Info »

Phishing Attacks Target Ecommerce Checkout Pages

Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where attackers targeted checkout pages and payment modules via malicious “patches” designed to steal payment details. These thefts can’t be easily detected by customers (no visible signs) nor the site owners… More Info »

How we built Origin CA: Web Crypto

At CloudFlare we strive to combine features that are simple, secure, and backed by solid technology. The Origin CA is a great example of this. You no longer need to go to a third-party certificate authority to protect the connection between CloudFlare and your origin server. You can now get a certificate to encrypt the More Info »

Security Advisory: Stored XSS in bbPress

Exploitation Level: Easy/Remote DREAD Score: 6/10 Vulnerability: Stored XSS Patched Version:  bbPress 2.5.9 During regular research audits of our Sucuri Firewall, we discovered a Stored XSS vulnerability affecting the bbPress plugin for WordPress which is currently installed on 300,000 live websites – one of them being the popular wordpress.org support forum. Vulnerability Disclosure Timeline: AprilRead More Info »

Massive Admedia/Adverting iFrame Infection

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing features of this malware are: 32 hex digit comments at the beginning and end of the malicious code. E.g. /*e8def60c62ec31519121bfdb43fa078f*/ This comment is unique on every infected site. Most likely an MD5Read More Info »

Hacked Websites Redirect to Bitcoin.org

Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is Bitcoin using black hat SEO? Is their site malicious? As you can see, the hacked website doesn’t redirect to bitcoin.org directly. It first redirects to “194 .6 .233 .7/mxjbb . cgi?default“, whichRead More Info »

Malvertising on a Website Without Ads

When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest state. Unless ofcourse the server was previously compromised, which in it of itself is another conversation outright. Barring that one instance, the new website should not exhibit any malicious behavior. More Info »