Black Hat Tactics

Zero-Day Stored XSS in Social Warfare

A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any users visiting the site. A patch has been released and

[ Read More ]

0day Vulnerability in Easy WP SMTP Affects Thousands of Sites

The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options of an affected site — ultimately leading to a complete site compromise. The vulnerability, found only in version 1.3.9, has been seen exploited in the

[ Read More ]

Arbitrary Directory Deletion in WP-Fastest-Cache

The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path

[ Read More ]

Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro

While investigating the SiteGround Optimizer and Caldera Forms Pro plugins we have discovered a critical privilege escalation vulnerability. It was not being abused externally and impacts over 500,000 sites. It’s urgency is defined by the associated DREAD score that looks at damage, reproducibility, exploitability, affected users, and discoverability. A key contributor to the criticality of

[ Read More ]

Hacked Website Trend Report – 2018

We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of 25,168 cleanup requests

[ Read More ]

Fake Browser Updates Push Ransomware and Bank Malware

Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request looks like: Users see a message box that says it’s an “Update Center” for your browser type (in my case it’s Firefox, but they also have such messages for Chrome,

[ Read More ]

Google Analytics and Angular in Magento Credit Card Stealing Scripts

Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js. The obfuscated code loads another script from

[ Read More ]

Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware

The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS, or social media networks. These campaigns employ various methods including email spoofing, fake or real employee names, and recognized branding to

[ Read More ]

The Anatomy of Website Malware: An Introduction

We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website malware. Are you interested in

[ Read More ]

Free SuperCounters Widget Serves Unwanted Redirects to Dating Site

If we navigate way back into the recesses of our memory to the era of GeoCities websites and MySpace pages, we might distinctly recollect the popularity of the visitor-counting widget. Commonly displayed on homepages across the web, these widgets served as credibility indicators to help site visitors identify the popularity of a website. While this

[ Read More ]