Vulnerable Versions of Adminer as a Universal Infection Vector

This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tabl…

Skimmers for Both Magento and WordPress

We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS.
When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in …

Pharma Spam Redirects to .su & .eu Sites

We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy” landing pages selling counterfeit men’s health pills from …

Data URLs and HTML Entities in New WordPress Malware

Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types.
Scripts as Data URLs
The first type looks pretty similar to what we discussed in our recent post.
However, instead of placing…

Throwback Threat Thursday: JCE Vulnerability

Despite WordPress’ market share completely overshadowing that of other CMSs, Joomla (previously known as Mambo) has still managed to retain its position as the second most popular CMS.
In fact, even with a decreasing market share in the overall CM…

Fake UpdraftPlus Plugins

We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality.
Malicious Plugins Sourced from UpdraftPlus
Attacke…

Down the Malware Rabbit Hole – Part 1

It’s common for malware to be encoded to hide itself—or its true intentions—but have you ever given thought to what lengths attackers will go to hide their malicious code?
In our first post in this series, we’ll describe how ba…

A New Wave of Buggy WordPress Infections

We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for newly discovered WordPress theme and plugin vulnerabilities.
Every other week, the attackers int…

Zero-Day RCE in vBulletin v5.0.0-v5.5.4

A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the Full Disclosure mailing list this past Monday.
This vulnerability is extremely severe. It allows any website visitor to run PHP code an…

The Hacker Returns: A Backdoor Edition

Once an attacker manages to hack and gain access to a target site or system, they typically work hard to maintain their access for as long as they can, to help them achieve their goals.
You can think of it like having an annoying party-crasher at your …