
Web Security

  • More on Dnsden[.]biz Swipers and Radix Obfuscation (19 March 2019)

    After the recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3:

    #EKFiddle [Regex update]: Added Radix Web Skimmer identified by @unmaskparasites (https://t.co/3YJM9YeyAw).
    Additional domain seen in campaigns: checkip[.]biz https://t.co/U67qZosp1e pic.twitter.com/ZWwGZG6zyN

    — EKFiddle (@EKFiddle) March 17, 2019

    Just a brief round-up of the Twitter discussion.

    Neither the credit card swiper malware campaign from “dnsden[.]biz” nor the “radix obfuscation” trick is new.

    Continue reading More on Dnsden[.]biz Swipers and Radix Obfuscation at Sucuri Blog.

  • Arbitrary Directory Deletion in WP-Fastest-Cache (18 March 2019)

    The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) that is present when the plugin is installed alongside the WP-PostRatings plugin. According to seclists.org:

    “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path portion of the referrer header and then uses string concatenation to build an absolute path.

    Continue reading Arbitrary Directory Deletion in WP-Fastest-Cache at Sucuri Blog.

  • Uncommon Radixes Used in Malware Obfuscation (15 March 2019)

    Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number?

    I recently decoded a credit card stealing script injected at the bottom of a js/varien/js.js file:

    There were several layers of obfuscation. During the final stage of decoding, I identified that this code writes something to web pages whose URLs contain one of the keywords onepage|checkout|onestep|firecheckout, which are typically used on checkout pages.

    Continue reading Uncommon Radixes Used in Malware Obfuscation at Sucuri Blog.

  • Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro (13 March 2019)

    While investigating the SiteGround Optimizer and Caldera Forms Pro plugins, we discovered a critical privilege escalation vulnerability.

    It was not being abused externally and impacts over 500,000 sites. Its urgency is defined by the associated DREAD score, which looks at damage, reproducibility, exploitability, affected users, and discoverability.

    A key contributor to the criticality of these vulnerabilities is that they are exploitable by any user (not only privileged users such as admins) and are easy to exploit remotely.

    Continue reading Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro at Sucuri Blog.

  • PCI for SMB: Requirement 10 & 11 – Regularly Monitor and Test Networks (11 March 2019)

    Welcome to the seventh post of a series on understanding the Payment Card Industry Data Security Standard (PCI DSS). We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQs (Self-Assessment Questionnaires).

    In the previous articles written about PCI, we covered the following:

    • Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data
    • Requirement 2: Build and Maintain a Secure Network – Do not use vendor-supplied defaults for system passwords or other security parameters
    • Requirement 3 & 4: Secure Cardholder Data
    • Requirement 5 & 6: Maintain a Vulnerability Management Program
    • Requirement 7 & 8: Implement Strong Access Control Measures
    • Requirement 9: Implement Strong Access Control Measures

    Having recapped the series so far, we’re going to focus on the requirements under the Regularly Monitor and Test Networks section.

    Continue reading PCI for SMB: Requirement 10 & 11 – Regularly Monitor and Test Networks at Sucuri Blog.

  • Spotlight on Women in Cybersecurity (8 March 2019)

    Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into working in cybersecurity.

    Spotlight on Sucuri Women in Cybersecurity

    We asked some of the women who work at Sucuri three questions:

    1. What do you do at Sucuri?
    2. How did you decide to work with technology?
    3. What do you think the future looks like for women in cybersecurity?

    Continue reading Spotlight on Women in Cybersecurity at Sucuri Blog.

  • How to Add SSL & Move WordPress from HTTP to HTTPS (6 March 2019)

    Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across the web use WordPress, and many of these websites have still not added an SSL certificate.

    Why Is It Important to Have a WordPress SSL Certificate?

    SSL has become increasingly important in the past couple of years, not only for securely transmitting information to and from your website, but also for increasing visibility and lowering the chances of being penalized by website authorities.

    Continue reading How to Add SSL & Move WordPress from HTTP to HTTPS at Sucuri Blog.

  • Hacked Website Trend Report – 2018 (4 March 2019)

    We are proud to be releasing our latest Hacked Website Trend Report for 2018.

    This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes the Incident Response Team (IRT) and the Malware Research Team (MRT).

    The data presented is based on the analysis of 25,168 cleanup requests and summarizes the latest trends by bad actors. We’ve built this analysis from prior reports to identify the latest tactics, techniques, and procedures (TTPs) detected by our Remediation Group.

    Continue reading Hacked Website Trend Report – 2018 at Sucuri Blog.

  • Fake Browser Updates Push Ransomware and Bank Malware (28 February 2019)

    Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors.

    This is what a typical fake update request looks like:

    Users see a message box that claims to be an “Update Center” for their browser type (in my case it’s Firefox, but the campaign also has such messages for Chrome, Internet Explorer and Edge browsers).

    The message reads: “A critical error has occurred due to the outdated version of the browser.

    Continue reading Fake Browser Updates Push Ransomware and Bank Malware at Sucuri Blog.

  • Google Analytics and Angular in Magento Credit Card Stealing Scripts (26 February 2019)

    Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners.

    The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js.

    The obfuscated code loads another script from www.google-analytics[.]cm/analytics.js.

    Continue reading Google Analytics and Angular in Magento Credit Card Stealing Scripts at Sucuri Blog.

  • Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware (21 February 2019)

    The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques:

    Impersonation

    These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS messages, or social media posts. They employ various methods, including email spoofing, fake or real employee names, and recognized branding, to trick users into believing they come from a legitimate source. Impersonation phishing campaigns may also include a victim’s name, email address, account number, or some other personal detail.

    Continue reading Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware at Sucuri Blog.