Call Us Today at 1-403-291-9811 or 1-866-291-3857

Web Security

  • Stolen Payment Data: Infected Ecommerce Website to Darknet Markets 16 July 2019 Stolen Payment Data: Infected Ecommerce Website to Darknet Markets

    The final actor of the stolen payment data supply chain is the end user. Rather than just selling or reselling payment data, the end user plans on fraudulently monetizing it.

    This malicious end user typically buys payment data in limited quantities, since:

    1. The price per stolen data greatly increases from when it was originally sold by the source.
    2. There’s an unknown amount of time until the financial institution revokes the issued stolen data.

    Continue reading Stolen Payment Data: Infected Ecommerce Website to Darknet Markets at Sucuri Blog.

  • The Cost of a Hacked Website – Survey 16 July 2019 The Cost of a Hacked Website – Survey

    As part of our commitment to the website security community, we want to know the true impacts of a website compromise from the owner’s perspective.

    If you are a business that has dealt with any type of website attack, your participation in this six-minute survey will help us improve our services and support website owners like yourself.

    START SURVEY NOW

    Be on the lookout for our results summary later this summer!

    Continue reading The Cost of a Hacked Website – Survey at Sucuri Blog.

  • Magento Killer 10 July 2019 Magento Killer

    A malicious PHP script, aptly given the name “Magento Killer” by its creator(s), has been found targeting Magento websites.

    While it doesn’t actually kill the Magento installation, it does allow the attacker to modify data in the core_config_data table of the targeted Magento database.

    $ConfKiller: Malicious Operations Used to Steal Payment Info

    During the initial stages of the attack, the bad actor uses special SQL queries encoded in base64.

    Continue reading Magento Killer at Sucuri Blog.

  • Icegram Persistent Cross-Site Scripting 9 July 2019 Icegram Persistent Cross-Site Scripting

    Icegram is a plugin that helps you collect email addresses for your newsletter. Other features include light-box popup offers, header action bars, toast notifications, and slide-in messengers.

    Versions 1.10.28.2 and lower are affected by a persistent Cross-Site Scripting in the admin area. This plugin has over 40,000 installations and any attacker with a subscriber account can leverage this vulnerability.

    We are not aware of any exploit attempts currently targeting this plugin, but all of our clients behind the website firewall are already protected.

    Continue reading Icegram Persistent Cross-Site Scripting at Sucuri Blog.

  • 7 Things You Should Monitor in WordPress Activity Logs 8 July 2019 7 Things You Should Monitor in WordPress Activity Logs

    WordPress activity logs can be helpful when troubleshooting or trying to identify a hack. In this article, you’ll learn about the seven things you should monitor in your WordPress logs.

    Over the years, WordPress has grown more complex. WordPress is used by people in a variety of environments, ranging from small shops to large enterprises. Its flexible nature allows for a lot of customization; although that does inherently produce a lot of new areas to supervise post-production.

    Continue reading 7 Things You Should Monitor in WordPress Activity Logs at Sucuri Blog.

  • Spam That Fits Your Website 5 July 2019 Spam That Fits Your Website

    Most of the time when we talk about spam, we think about mindless machines that create posts or comments to advertise a business related to drugs, accessories, or essays.

    But what if a hacker tried to convince your clients to click on malicious links based on the content of your website?

    A Customized Spam Campaign Targeting Pizza Delivery

    We recently found a very interesting case where a pizza delivery website was compromised.

    Continue reading Spam That Fits Your Website at Sucuri Blog.

  • WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations 3 July 2019 WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations

    The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7.

    This vulnerability can only be exploited under certain configurations—the default settings are not vulnerable.

    Timeline 

    • 2019/06/26 – Initial contact to the developer.
    • 2019/06/27 – Response from the developer, disclosure of the vulnerability.
    • 2019/06/30 – Patch proposed for review.

    Continue reading WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations at Sucuri Blog.

  • How to Know If You Are Under DDoS Attack 1 July 2019 How to Know If You Are Under DDoS Attack

    Nowadays, DDoS is a pretty recognizable term. Though many webmasters don’t know exactly what a DDoS attack is—its method is very subtle to identify—they’re pretty sure it’s a bad thing. And that’s a correct assumption. In this article, we will focus on how to know if your website is under attack and how to protect it from it.

    What is a DDoS Attack?

    DDoS stands for Distributed Denial of Service. Like the name implies, a DDoS attack focuses on damaging a service such as:

    • a website,
    • an internet service provider (ISP),
    • the Nasdaq Stock Market,
    • a NASA probe,
    • a game server.

    Continue reading How to Know If You Are Under DDoS Attack at Sucuri Blog.

  • Massive 1800ForBail WordPress Hacks 28 June 2019 Massive 1800ForBail WordPress Hacks

    Sucuri malware analyst Kaushal Bhavsar recently brought our attention to a massive campaign responsible for adding either “1800ForBail” or “1800ForBail – One+Number” keywords to the titles of vulnerable WordPress sites.

    1800ForBail in Search Results

    Google currently returns 158,000 results for the [intitle:1800ForBail] query.

    Of course, this count includes internal pages on compromised websites.

    At the same time, PublicWWW.com returns 692 results for “1800ForBail”, where one result per domain is typically listed.

    Continue reading Massive 1800ForBail WordPress Hacks at Sucuri Blog.

  • Fake Instagram Verification 26 June 2019 Fake Instagram Verification

    Across various social media platforms there are verification checkmark symbols that appear near the name of the account’s page we view. For example, this verified account indicator seen from our Twitter page:

    These verification checkmarks exist as a credibility indicator to help show authenticity and integrity to social media page visitors.

    In order to obtain these checkmark symbols, page owners must meet a list of various requirements and undergo a verification process with their social media provider.

    Continue reading Fake Instagram Verification at Sucuri Blog.

  • Why is Your Website a Target? The SEO Value of a Website 24 June 2019 Why is Your Website a Target? The SEO Value of a Website

    Website security is what we eat, sleep, and breathe. It’s what we do best because we deal with hacked websites every single day, thousands of them. Among the various types and evolution in attack scenarios, one has remained the same for all these years—spam infections.

    A spam infection could be a serious problem for online businesses when it remains on the website long enough for Google, Bing, or other website blacklist authorities to spot it and block site access.

    Continue reading Why is Your Website a Target? The SEO Value of a Website at Sucuri Blog.