PHP code | Breaking Cybersecurity News | The Hacker News

Unknown threat actors are abusing lesser-known code snippet plugins for WordPress to insert malicious PHP code in victim sites that are capable of harvesting credit card data. The campaign, observed by Sucuri on May 11, 2024, entails the abuse of a WordPress plugin called  Dessky Snippets , which allows users to add custom PHP code. It has over 200 active installations. Such attacks are known to leverage previously disclosed flaws in WordPress plugins or easily guessable credentials to gain administrator access and install other plugins (legitimate or otherwise) for post-exploitation. Sucuri said the Dessky Snippets plugin is used to insert a server-side PHP credit card skimming malware on compromised sites and steal financial data. "This malicious code was saved in the dnsp_settings option in the WordPress wp_options table and was designed to modify the checkout process in WooCommerce by manipulating the billing form and injecting...

A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible installations. The flaw, tracked as CVE-2024-25600 (CVSS score: 9.8), enables unauthenticated attackers to achieve remote code execution. It impacts all versions of the Bricks up to and including 1.9.6. It has been addressed by the theme developers in  version 1.9.6.1  released on February 13, 2024, merely days after WordPress security provider Snicco reported the flaw on February 10. While a proof-of-concept (PoC) exploit has not been released, technical details have been  released  by both Snicco and Patchstack, noting that the underlying vulnerable code exists in the prepare_query_vars_from_settings() function. Specifically, it concerns the use of security tokens called "nonces" for verifying permissions, which can then be used to pass arbitrary commands for execution, effectively allowing a threat actor to seize con...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...

Cybercrime groups are distributing malicious PHP web shells disguised as a favicon to maintain remote access to the compromised servers and inject JavaScript skimmers into online shopping platforms with an aim to steal financial information from their users. "These web shells known as Smilodon or Megalodon are used to dynamically load JavaScript skimming code via server-side requests into online stores," Malwarebytes Jérôme Segura  said  in a Thursday write-up. "This technique is interesting as most client-side security tools will not be able to detect or block the skimmer." Injecting web skimmers on e-commerce websites to steal credit card details is a tried-and-tested modus operandi of Magecart, a consortium of different hacker groups who target online shopping cart systems. Also known as formjacking attacks, the skimmers take the form of JavaScript code that the operators stealthily insert into an e-commerce website, often on payment pages, with an intent to c...

Security researchers have been warning of a new trick that cybercriminals are leveraging to hide their malicious code designed to re-introduce the infection to steal confidential information from Magento based online e-commerce websites. So, if you have already cleaned up your hacked Magento website, there are chances your website is still leaking login credentials and credit card details of your customers to hackers. More than 250,000 online stores use open-source Magento e-commerce platform, which makes them an enticing target for hackers, and therefore the security of both your data and your customer data is of the utmost importance. According to the researchers at Sucuri , who have previously spotted several Magento malware campaigns in the wild, cybercriminals are currently using a simple yet effective method to ensure that their malicious code is added back to a hacked website after it has been removed. To achieve this, criminals are hiding their 'credit card stea...

Three critical zero-day vulnerabilities have been discovered in PHP 7 that could allow an attacker to take complete control over 80 percent of websites which run on the latest version of the popular web programming language. The critical vulnerabilities reside in the unserialized mechanism in PHP 7 – the same mechanism that was found to be vulnerable in PHP 5 as well, allowing hackers to compromise Drupal, Joomla, Magento, vBulletin and PornHub websites and other web servers in the past years by sending maliciously crafted data in client cookies. Security researchers at Check Point's exploit research team spent several months examining the unserialized mechanism in PHP 7 and discovered "three fresh and previously unknown vulnerabilities" in the mechanism. While researchers discovered flaws in the same mechanism, the vulnerabilities in PHP 7 are different from what was found in PHP 5. Tracked as CVE-2016-7479, CVE-2016-7480, and CVE-2016-7478, the zero-day flaw...

Open Source is the Future of the computer science world! On Wednesday, the popular coding website GitHub shared a graph that gives a closer look at the popularity of different programming languages used on its code sharing website that lets anyone edit, store, and collaborate on software code. Since its launch in 2008, GitHub saw various programming languages picking up momentum, as shown in the graph below. An insight into what GitHub is… GitHub is a web-based repository that operates on the functionality of a 'Git,' which is strictly a command-line tool. With 10 Million users as of today, the platform has become the primary source of housing open source software that is free of cost available to the world at large. A look at the picture of programming trends on GitHub over recent years is actually a look at how the computer world is evolving. Top 10 Programming Languages Here are the Top 10 Programming Languages on GitHub today: JavaS...

The most popular e-commerce platform owned by eBay, Magento is once again in the news. This time for a critical Remote Code Execution (RCE) vulnerability , affecting hundreds of thousands of online merchants worldwide. If exploited, the critical vulnerability could allow a hacker to compromise completely any online store powered by Magento and gain access to credit card details and other financial as well as personal information related to the customers. Which isn't great? This serious flaw in Magento platform  exploits a series of vulnerabilities that ultimately allow unauthenticated attackers to execute any PHP code of their choice on the web server. All the vulnerabilities that lead to remote code execution (RCE) flaw are present in the Magento core code, and affect the default installation of both Magento Community and Magento Enterprise Editions. Running arbitrary code on the web server gives attackers the ability to bypass all security mechanisms and ...

Yesterday we learned of a critical Zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands WordPress themes and plugins. WordPress is a free and open source blogging tool and a content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs, therefore it is easy to setup and use, that's why tens of millions of websites across the world opt it. But if you or your company are the one using the popular image resizing library called " TimThumb " to resize large images into usable thumbnails that you can display on your site, then you make sure to update the file with the upcoming latest version and remember to check the TimThumb site regularly for the patched update. 0-Day REMOTE CODE EXECUTION & NO PATCH The critical vulnerability discovered by Pichaya Morimoto in the TimThumb Wordpress plugin version 2.8.13, ...

Incapsula security study reveals how a simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. If you've been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going "Operation Ababil." As the reports of the attack started to roll in, Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world's largest financial institutions (PNC, HSBC and Fifth Third Bank). At On the eve of the attack, this website su...