The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: PHP code

Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

Magento Hackers Using Simple Evasion Trick to Reinfect Sites With Malware

June 20, 2018Swati Khandelwal
Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites. So, if you have already cleaned up your hacked Magento website, there are chances your website is still leaking login credentials and credit card details of your customers to hackers. More than 250,000 online stores use open-source Magento e-commerce platform, which makes them an enticing target for hackers, and therefore the security of both your data and your customer data is of the utmost importance. According to the researchers at Sucuri , who have previously spotted several Magento malware campaigns in the wild, cybercriminals are currently using a simple yet effective method to ensure that their malicious code is added back to a hacked website after it has been removed. To achieve this, criminals are hiding their 'credit card stea
3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!

3 Critical Zero-Day Flaws Found in PHP 7 — One Remains Unpatched!

December 29, 2016Swati Khandelwal
Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language. The critical vulnerabilities reside in the unserialized mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to compromise Drupal, Joomla, Magento, vBulletin and PornHub websites and other web servers in the past years by sending maliciously crafted data in client cookies. Security researchers at Check Point's exploit research team spent several months examining the unserialized mechanism in PHP 7 and discovered "three fresh and previously unknown vulnerabilities" in the mechanism. While researchers discovered flaws in the same mechanism, the vulnerabilities in PHP 7 are different from what was found in PHP 5. Tracked as CVE-2016-7479, CVE-2016-7480, and CVE-2016-7478, the zero-day flaw
Here's Top 10 Popular Programming Languages used on GitHub

Here's Top 10 Popular Programming Languages used on GitHub

August 21, 2015Swati Khandelwal
Open Source is the Future of the computer science world! On Wednesday, the popular coding website GitHub shared a graph that gives a closer look at the popularity of different programming languages used on its code sharing website that lets anyone edit, store, and collaborate on software code. Since its launch in 2008, GitHub saw various programming languages picking up momentum, as shown in the graph below. An insight into what GitHub is… GitHub is a web-based repository that operates on the functionality of a 'Git,' which is strictly a command-line tool. With 10 Million users as of today, the platform has become the primary source of housing open source software that is free of cost available to the world at large. A look at the picture of programming trends on GitHub over recent years is actually a look at how the computer world is evolving. Top 10 Programming Languages Here are the Top 10 Programming Languages on GitHub today: JavaS
Critical Vulnerability Found in Magento eCommerce Platform

Critical Vulnerability Found in Magento eCommerce Platform

April 21, 2015Mohit Kumar
The most popular e-commerce platform owned by eBay, Magento is once again in the news. This time for a critical Remote Code Execution (RCE) vulnerability , affecting hundreds of thousands of online merchants worldwide. If exploited, the critical vulnerability could allow a hacker to compromise completely any online store powered by Magento and gain access to credit card details and other financial as well as personal information related to the customers. Which isn’t great? This serious flaw in Magento platform  exploits a series of vulnerabilities that ultimately allow unauthenticated attackers to execute any PHP code of their choice on the web server. All the vulnerabilities that lead to remote code execution (RCE) flaw are present in the Magento core code, and affect the default installation of both Magento Community and Magento Enterprise Editions. Running arbitrary code on the web server gives attackers the ability to bypass all security mechanisms and gain
Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk

Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk

June 26, 2014Mohit Kumar
Yesterday we learned of a critical Zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands WordPress themes and plugins. WordPress is a free and open source blogging tool and a content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs, therefore it is easy to setup and use, that’s why tens of millions of websites across the world opt it. But if you or your company are the one using the popular image resizing library called “ TimThumb ” to resize large images into usable thumbnails that you can display on your site, then you make sure to update the file with the upcoming latest version and remember to check the TimThumb site regularly for the patched update. 0-Day REMOTE CODE EXECUTION & NO PATCH The critical vulnerability discovered by Pichaya Morimoto in the TimThumb Wordpress plugin version 2.8.13,
Under the hood of recent DDoS Attack on U.S. Banks

Under the hood of recent DDoS Attack on U.S. Banks

January 10, 2013Wang Wei
Incapsula security study reveals how a simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. If you've been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going “Operation Ababil.” As the reports of the attack started to roll in, Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world's largest financial institutions (PNC, HSBC and Fifth Third Bank). At On the eve of the attack, this website sud
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.