HackDig : Dig high-quality web security articles for hacker

Analysis of the Fancybox-For-WordPress Vulnerability

We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the details explaining how attackers could use this vulnerability to inject malicious iframes on websites using this plugin. Technical details This vulnerability exploited a somewhat well
Publish At:2015-02-16 18:05 | Read:2658 | Comments:0 | Tags:Vulnerability Disclosure Website Infection[s] WordPress Secu

Websites Compromised with CloudFrond Injection

If you haven’t already noticed, we spent a good deal of time scraping the bottom of the interweb barrel. It’s dirty work, but someone has to do it. I’m not going to lie, though: to us it’s fascinating digging up little nuggets daily, understanding how attackers think and uncovering the latest trends. Besides, it gives us countless oppo
Publish At:2015-01-07 20:45 | Read:3831 | Comments:0 | Tags:Website Infection[s] Website Malware Cloud

New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider

If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the last few days. Unlike SoakSoak, it’s comprised of 3 distinct malframes – creating one new campaign. We’re tracking each closely: 1- wpcache-blogger: This campaign is us
Publish At:2014-12-24 21:30 | Read:2848 | Comments:0 | Tags:Website Infection[s] WordPress Security Website Hacked Websi

SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11

Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it; it uses the RevSlider vulnerability as a point of penetration, then uploads a backdoor and infects all websites that share the same server account. This means websites that don’t use the RevSlider plugin can be infected too. The visito
Publish At:2014-12-16 18:10 | Read:2712 | Comments:0 | Tags:Website Infection[s] Website Malware Website Security WordPr

SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11

Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it. It uses the RevSlider vulnerability as a point of penetration. Then it uploads a backdoor and infects all websites that share the same server account (so sites that don’t use the RevSlider plugin can be infected too). The site visitors faci
Publish At:2014-12-16 10:55 | Read:3975 | Comments:0 | Tags:Website Infection[s] Website Malware Website Security WordPr

RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise

Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru). After a bit more time investigating this issue, we were able to confirm that the attack vector is the RevSlider plugin. We disclosed
Publish At:2014-12-15 15:10 | Read:6249 | Comments:0 | Tags:Website Infection[s] WordPress Security malware_updates soak

RSS Reveals Malware Injections

There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search engines (both in search results and via their Webmaster Tools). Try to open web pages with different User-Agents and check f
Publish At:2014-11-19 10:35 | Read:3800 | Comments:0 | Tags:Website Infection[s] Website Malware Website Security rss se

The Dangers of Hosted Scripts – Hacked jQuery Timers

Google blacklisted a client’s website claiming that malicious content was being displayed from forogozoropoto.2waky.com. A scan didn’t reveal anything suspicious. The next step was to check all third-party scripts on the website. Soon we found the offending script. It was hxxp://jquery.offput.ca/js/jquery.timers.js – a jQuery Timers plugin that was mo
Publish At:2014-11-10 17:50 | Read:3803 | Comments:0 | Tags:Website Hacked Website Infection[s] Website Security JavaScr

Popular Brazilian Site “Porta dos Fundos” Hacked

A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you can see from our Sitecheck results: SiteCheck Found Malware on Porta dos Fundos If you do not want the joke to be on you, do not visit this site (portadosfundos) until it has been cle
Publish At:2014-10-24 20:50 | Read:3399 | Comments:0 | Tags:SiteCheck Website Attacks Website Hacked Website Infection[s

Popular Brazilian Site “Porta dos Fundos” Hacked

A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable as you can see from our Sitecheck results: SiteCheck Found Malware on Porta dos Fundos If you do not want the joke to be on you, do not visit this site (portadosfundos) until it has been clea
Publish At:2014-10-24 13:35 | Read:2688 | Comments:0 | Tags:Website Hacked Website Infection[s]

Manipulating WordPress Plugin Functions to Inject Malware

Most authors of website malware usually rely on the same tricks, making it easy for malware researchers to spot obfuscated code, random files that don’t belong, and malicious lines injected at the top of a file. However, it can become difficult when the malware is buried deep within the lines of code in normal files. Why is some malware harder to spot than o
Publish At:2014-10-23 17:50 | Read:3176 | Comments:0 | Tags:Website Backdoor Website Infection[s] Website Malware WordPr

Malvertising Payload Targets Home Routers

A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario the attackers embedded iFrames to do the heavy lifting; the shortfall with this method is that they require a website to inject the iFrame. As is often the case, tactics change, and while home routers still seem to be of in
Publish At:2014-10-21 18:10 | Read:3943 | Comments:0 | Tags:Website Infection[s] Website Malware malvertising

WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability

The popular MailPoet (wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, and the MailPoet team patched it promptly. It seems, though, that many are still not getting the word, or blatantly not updating, because we are seein
Publish At:2014-10-09 18:05 | Read:3308 | Comments:0 | Tags:Webserver Infections Website Infection[s] Website Security W
