CMS

Pierluigi Paganini September 26, 2016
Security firm Sucuri analyzed tens of thousands of compromised websites

Security firm Sucuri published a detailed study, titled Hacked Website Report for 2016/Q2, on compromised websites on the Internet. According to the security expert Daniel Cid from Sucuri, at least 15,769 WordPress websites have been compromised this year. Sucuri has published a report, titled Hacked Website Report for 2016/Q2, related compromised websites on the web. The […]

Pierluigi Paganini August 23, 2016
Linux.Rex.1, a new Linux Trojan the creates a P2P Botnet

Security researchers discovered a new Linux Trojan dubbed Linux.Rex.1 that is capable of self-spreading and create a peer-to-peer botnet. A newly observed Linux Trojan is capable of self-spreading through infected websites and can recruit the infected machines into a peer-to-peer (P2P) botnet, Doctor Web researchers warn. Security researchers from the firm Dr. Web have discovered […]

Pierluigi Paganini July 10, 2016
Realstatistics campaign leads to ransomware via compromised sites

Threat actors in the wild are behind the Realstatistics campaign are leveraging on out-of-date CMSs to deliver the CryptXXX ransomware. Security experts from Sucuri security firm have spotted a new ransomware-based campaign dubbed ‘Realstatistics’ conducted by threat actors in the past two weeks. “Our Incident Response Team (IRT) has been tracking a mass infection campaign over the […]

Pierluigi Paganini June 23, 2016
WordPress 4.5.3 fixed several security vulnerabilities

WordPress has recently issued the version 4.5.3 that patches more than two dozen vulnerabilities, including 17 bugs introduced in the last three releases. WordPress is one of the most popular content management systems for this reason is a privileged target of hackers. It is quite easy to scan the web searching for websites running old version affected […]

Pierluigi Paganini June 05, 2016
Old CVE-2014-3704 flaw in Drupal still exploited in attacks

More than 19 months after its public disclosure the CVE-2014-3704 is still exploited in attacks against Drupal-based websites. It was October 2014, when Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that was affecting all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue. The patch issued by Drupal fixed the […]

Pierluigi Paganini April 19, 2016
IBM warns a spike in the number of PHP C99 Webshell Attacks

IBM Security has warned the WordPress community about a spike in the number of attacks leveraging a specific variant of the PHP C99 Webshell. Security experts at IBM reported a spike in the number of cyber attacks pushing a variant of the popular C99 webshell in February and March, a 45 percent increase compared to the previous period. […]

Pierluigi Paganini March 30, 2016
vBulletin resets passwords after a targeted attack

vBulletin has suffered a severe attack last week that breached one of the Germany servers, in response it informed users that all passwords had been reset. vBulletin has suffered a severe attack last week, in response it informed users that all passwords had been reset. According to the vBulletin developer Paul Marsden one of the […]

Pierluigi Paganini February 19, 2016
Thousands of WordPress websites used as a platform to launch DDOS

In a recent investigation case, security researchers at Sucuri revealed that 26,000 different WordPress sites were exploited to launch Layer 7 distributed denial of service (DDoS) attacks. In a recent investigation case, security researchers at Sucuri revealed that 26,000 different WordPress sites were generating a sustained rate of 10,000 to 11,000 HTTPS requests per second […]

Pierluigi Paganini January 07, 2016
Unpatched Drupal flaws open websites to attacks

IOActive has uncovered a number of serious vulnerabilities affecting the Drupal CMS that could be exploited to completely takeover the vulnerable websites. A new vulnerability affecting Drupal could be exploited for code execution and database credentials theft (by Man-in-the-Middle), according to Fernando Arnaboldi, a senior security consultant working in IOActive. Fernando Arnaboldi says that the […]

Pierluigi Paganini November 05, 2015
vBulletin security patches and zero-day exploit available online

Rumors on the Internet says that the hackers who breached vBulletin forum website exploited a zero-day flaw, the company issued emergency security patches. On Sunday, the vBulletin official website has been hacked, according to DataBreaches.net, vBulletin, Foxit Software forums have been hacked by Coldzer0 that has stolen hundreds of thousands of users’ records. The hacker published screenshots […]