Malware Cleanup to Arbitrary File Upload in Gravity Forms
Rodrigo Escobar During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or fancy, it…
Month: February 2015
10 posts
Why Websites Get Hacked
Tony Perez I spend a good amount of time engaging with website owners across a broad spectrum of businesses. Interestingly enough, unless I’m talking large enterprise, there…
Security Advisory – WP-Slimstat 3.9.5 and Lower
Marc-Alexandre Montpas WP-Slimstat users should update as soon as possible! During a routine audit for our WAF, we discovered a security bug that an attacker could, by…
Vulnerability Disclosures – A Note To Developers
Daniel Cid This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code.…
Analysis of the Fancybox-For-WordPress Vulnerability
We were alerted last week of a malware outbreak affecting WordPress sites using version 3.0.2 and lower of the fancybox-for-wordpress plugin. As announced, here are some of the…
The Dynamics of Passwords
Alycia Mitchell How often do you think about the passwords you’re using? Not only for your website, but also for everything else you do on the internet…
Analyzing Malicious Redirects in the IP.Board CMS
Denis Sinegubko Although the majority of our posts describe WordPress and Joomla attacks (no wonder, given their market-share), there are still attacks that target smaller CMS’s and…
Zero-day in the Fancybox-for-WordPress Plugin
Update: We posted an analysis of the vulnerability following this post. Our research team was alerted to a possible malware outbreak affecting many WordPress websites.…
Advisory – Dangerous “nonce” Leak in UpdraftPlus
If you’re a user of the UpdraftPlus plugin for WordPress, now is the time to update. During a routine audit of our Website Firewall (WAF),…
Creative Evasion Technique Against Website Firewalls
Lee Howarth During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces.…