Labs Notes Monthly Recap – May/2020

In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture.

Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs Notes are usually shorter than blog posts and they focus on a highly technical audience.

Cybersecurity Live - Boston

This month, our Malware Research and Incident Response teams disclosed a WordPress plugin vulnerability and wrote about a web shell packer.

B374k Web Shell Packer

by Luke Leal

B374k is one of the most common PHP web shells. Hackers have been loading it onto compromised websites.

Our malware researcher explains how bad actors can use a PHP packer script to add or remove different features like a file manager, database connect, and email before generating the b374k shell file.

Read More

Unauthenticated Stored Cross Site Scripting in WP Support Review

by John Castro

The Vulnerability Research Team discovered an unauthenticated persistent cross-site scripting (XSS) that  has been affecting 40,000+ users of the WP Product Review plugin.

Our researcher explains how a defect in the WordPress plugin WP Product Review versions older than 3.7.6 can lead to persistent cross-site scripting. A successful attack results in malicious scripts being injected in all the site’s products.

Read More

Vulnerabilities Digest: May 2020

by John Castro

In May’s vulnerability digest you will find a list of vulnerable WordPress plugins, the vulnerabilities that are currently affecting them, and their patched version if available.

We also write about the main attack highlights:

  • Cross-site scripting remains the number-one vulnerability.
  • The number of unprotected AJAX action bugs are still ramping up.
  • The plugins and new malicious IPs which were added to a massive WordPress malware campaign.

Read More

*** This is a Security Bloggers Network syndicated blog from Sucuri Blog authored by Juliana Lewis. Read the original post at: