Hacked Websites – Page 7 – WindowsTechs.com

Dangerous Website Backups

Posted on July 2, 2020 by Denis Sinegubko

It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative process by providing a clean code base to compare the curren… Continue reading Dangerous Website Backups→

Cross Site Scripting in YITH WooCommerce Ajax Product Filter

Posted on June 22, 2020 by John Castro

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin.
Current State of the Vulnerability
Thi… Continue reading Cross Site Scripting in YITH WooCommerce Ajax Product Filter→

What is the Gibberish Hack?

Posted on June 12, 2020 by Justin Channell

Discovering some random folder with numbers and letters you don’t remember on your website would make any website owner put on their detective cap. At first, you may think, “Did I leave my FTP client open and my cat ran across the keyboard… Continue reading What is the Gibberish Hack?→

Evasion Tactics in Hybrid Credit Card Skimmers

Posted on June 5, 2020 by Denis Sinegubko

The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers.
Though popular with bad actors, one of the drawbacks of… Continue reading Evasion Tactics in Hybrid Credit Card Skimmers→

Labs Notes Monthly Recap – May/2020

Posted on June 3, 2020 by Juliana Lewis

In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture.
Sucuri Labs provides website malware research updates … Continue reading Labs Notes Monthly Recap – May/2020→

How to Find & Fix WordPress Pharma Hack

Posted on June 1, 2020 by Justin Channell

It’s hard for any website owner to discover pharmaceutical spam. Finding bogus content for prescription drugs on a website you watched grow from a tiny blog can be heartbreaking. But don’t blame your website: it just got caught up in a bad… Continue reading How to Find & Fix WordPress Pharma Hack→

YouTube Account Recovery Phishing

Posted on May 12, 2020 by Luke Leal

Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators.
Phishing B… Continue reading YouTube Account Recovery Phishing→

Labs Notes Monthly Recap – April/2020

Posted on May 4, 2020 by Juliana Lewis

PinnacleCart Server-Side Skimmers and Backdoors

Posted on April 22, 2020 by Denis Sinegubko

While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online stores with large user-bases.
This time, our analysts Kara Federow a… Continue reading PinnacleCart Server-Side Skimmers and Backdoors→

Obfuscated WordPress Malware Dropper

Posted on April 21, 2020 by Luke Leal

It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating their malicious code to make it unreadable to the naked eye.
In our recent post we demonstrated how… Continue reading Obfuscated WordPress Malware Dropper→