Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file uploads, which is where we have been seeing the infections start. This plugin has over 400,000 installations so we have seen a sustained campaign to infect sites with this plugin installed. In this post I will review a common infection seen as a result of this vulnerability in the wp-user-avatar plugin.
We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception.
While there are a plethora of different ways that site owners can lock down their website, in this post we are going to review the most basic hardening mechanisms that WordPress website owners can employ to improve their security. We will also review the pros and cons of these different tactics.
MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers and selling them on the black market. They remain an ever-growing threat to website owners. We’ve said many times on this blog that the attackers are constantly using new techniques to evade detection. In this post I will go over a case involving one such MageCart group.
A Hacked Magento Website
Some time ago a client of ours came to us with a heavily infected Magento e-commerce website from where credit card details were being stolen.
In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the reasons behind why websites become compromised with this type of malware. In this post I will go into some more detail of the taxonomy of web-based credit card swipers, review some good online resources on vulnerabilities as well as some steps to protect yourself, your website and your customers.
Different Types of Swipers
Now that we have reviewed the broader ecommerce web environment in the previous post, let’s take a look at some actual swipers and the different “flavours” that they come in.
Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal credit card details from unsuspecting victims and sell them on the black market for a profit. The online ecommerce environment is diverse, constituting many different content management system (CMS) platforms and payment gateways all of which have their own features and risks.
In this post I will attempt to demystify this cluttered environment, provide some context for the different attack vectors, and reasons how customer’s credit card details become compromised.