Black Hat Tactics – Page 7 – WindowsTechs.com

Dangerous Website Backups

Posted on July 2, 2020 by Denis Sinegubko

It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative process by providing a clean code base to compare the curren… Continue reading Dangerous Website Backups→

Cross Site Scripting in YITH WooCommerce Ajax Product Filter

Posted on June 22, 2020 by John Castro

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin.
Current State of the Vulnerability
Thi… Continue reading Cross Site Scripting in YITH WooCommerce Ajax Product Filter→

What is the Gibberish Hack?

Posted on June 12, 2020 by Justin Channell

Discovering some random folder with numbers and letters you don’t remember on your website would make any website owner put on their detective cap. At first, you may think, “Did I leave my FTP client open and my cat ran across the keyboard… Continue reading What is the Gibberish Hack?→

Evasion Tactics in Hybrid Credit Card Skimmers

Posted on June 5, 2020 by Denis Sinegubko

The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers.
Though popular with bad actors, one of the drawbacks of… Continue reading Evasion Tactics in Hybrid Credit Card Skimmers→

Steam Phishing Campaign Uses CS:GO Skin Gambling Lure

Posted on May 20, 2020 by Luke Leal

Attackers regularly target online gaming accounts as they can quickly sell any transferable items along with account logins to a third party. This scenario has cropped up for years now, and has affected a growing number of popular online games ranging… Continue reading Steam Phishing Campaign Uses CS:GO Skin Gambling Lure→

YouTube Account Recovery Phishing

Posted on May 12, 2020 by Luke Leal

Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators.
Phishing B… Continue reading YouTube Account Recovery Phishing→

Phishing Campaign Targets Poste Italiane & SMS OTP Verification

Posted on April 29, 2020 by Luke Leal

When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims into clicking a link or performing some action.
For example, in September 2019 … Continue reading Phishing Campaign Targets Poste Italiane & SMS OTP Verification→

Duplicated Vulnerabilities in WordPress Plugins

Posted on April 24, 2020 by Antony Garand

During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post.
With a bit of research, we came to the following conclusion: Many of these plugins came from the same… Continue reading Duplicated Vulnerabilities in WordPress Plugins→

PinnacleCart Server-Side Skimmers and Backdoors

Posted on April 22, 2020 by Denis Sinegubko

While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online stores with large user-bases.
This time, our analysts Kara Federow a… Continue reading PinnacleCart Server-Side Skimmers and Backdoors→

Obfuscated WordPress Malware Dropper

Posted on April 21, 2020 by Luke Leal

It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating their malicious code to make it unreadable to the naked eye.
In our recent post we demonstrated how… Continue reading Obfuscated WordPress Malware Dropper→