- Mixed Content Warnings in Google Chrome 14 November 2019
Migrating your website to HTTPS may seem like a simple task. Get the TLS/SSL certificate, install it on your web server, and you’re done.
The real pain for large projects, however, is changing http:// resources to https://. These resources include images, videos, sounds, forms, scripts, and CSS files, along with any externally loaded third-party elements like tracking, ads, and widgets.
If an HTTPS page includes any of these elements served over the HTTP protocol, they are passed unencrypted from your web server to a visitor’s browser.
- Malicious Android Application Used in Phishing Scam 13 November 2019
While we deal with a lot of phishing cases, we rarely see mobile applications used as part of a phishing campaign—these apps add a layer of complexity to the process which deters some bad actors from incorporating them into their attack.
To launch a successful phish with a mobile application, bad actors first need to figure out a way to distribute the app without an official source. They also need to figure out how to trick users into accepting permissions to run it on the device.
- Why Reinfections Happen with a WAF 11 November 2019
A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect against threats over HTTP/HTTPS, the website can still be hacked from the inside.
One common way that websites get reinfected is through cross-site contamination, which can occur even when a website is behind a firewall.
Cross-site contamination happens when one website is infected and the malware copies itself into other directories, infecting all sites on the same server.
- Vulnerable Versions of Adminer as a Universal Infection Vector 9 November 2019
This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables.
This is still the same ongoing campaign that we’ve been following for the past few years, where site visitors are redirected to various kinds of scam landing pages—including tech support scams, fake lottery wins, and malicious browser notifications.
- Skimmers for Both Magento and WordPress 7 November 2019
We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS.
When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in the ecommerce segment. There are numerous popular plugins that can easily turn a WordPress site into a full-featured online store. In fact, WooCommerce alone has over 5 million installations.
Credit Card Skimmer Injected in WordPress Core
Our friend Salvador Aguilar over at Kinsta recently shared a few samples of malware found in the WordPress core files wp-includes/js/wp-util.min.js and wp-includes/js/admin-bar.min.js.
- Magento 1 End of Life 6 November 2019
It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any ecommerce business. When you consider the popularity of the Magento ecommerce platform, it’s easy to see how their announcement of the Magento 1 end of life could leave a significant portion of ecommerce retailers scrambling for new solutions.
That might sound dire, but we’re here to lay out the essential facts — and look at a way to extend that looming end-of-life deadline.
- Pharma Spam Redirects to .su & .eu Sites 4 November 2019
We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy” landing pages selling counterfeit men’s health pills from various .su and .eu top-level domains.
Spammy Redirect File Names & Contents
These SEO infections usually come in the form of files containing random file names, like the ones seen below.
- Halloween Tales of the IoT Crypt 31 October 2019
In the spirit of Halloween, we bring you some of the scariest internet of things (IoT) hacks that we have been made aware of.
While this does not really focus on website security, it is still an interesting topic when you think about cybersecurity as a whole.
Watching over a Baby
The first spooky tale comes from Texas, where a mother has her house wired with a Nest camera to watch over her 4-month-old son.
- Data URLs and HTML Entities in New WordPress Malware 30 October 2019
Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types.
Scripts as Data URLs
The first type looks pretty similar to what we discussed in our recent post.
However, instead of placing the code between the <script>…</script> tags, these injections have begun to embed them inline using a so-called data URL notation in the src parameter.
- Fake French Police Sextortion Scam 28 October 2019
There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be used to deliver the blackmail threat to the victim.
Blackmail Attempts for Bitcoin Payments
The majority of these sextortion scam emails follow a similar template, disclosed earlier this year in a post by Malwarebytes. This email template has been translated into various languages; however, some of the templates use different methods to lure victims into believing the scammer.
- Throwback Threat Thursday: JCE Vulnerability 24 October 2019
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to the security of website owners. Some vulnerable sites may still be found in the wild.
Despite WordPress’ market share completely overshadowing other CMS’, Joomla (previously known as Mambo) has still managed to retain its position as the second most popular CMS.
In fact, even with a decreasing market share in the overall CMS landscape, there are still well over a million live websites using Joomla to manage their digital content.