JoomDonation Compromised

We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into JoomDonation. The emails went to the registered accounts and contained the full names, so it
Read More

Typos Can have a Bigger Impact Than Expected

Brazil is largest by far, followed by Italy and US

Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website. Do you think there’s a risk in that? You may have seen the Grammar Police all over your comments yelling that you used t
Read More

Protecting Against Unknown Software Vulnerabilities

Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can have security implications. These are known as vulnerabilities, and they can be used to
Read More

Website Malware Removal: Phishing

Infected Joomla website, phishing with fake Chase Bank page

As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and reels with his fishing rod, a "phisher-man" will try their luck baiting users with fake pages,
Read More

Security Advisory – High severity – WP-Statistics WordPress Plugin

Advisory for: WordPress WP-Statistics Plugin Security Risk: High (DREAD score : 7/10) Exploitation level: Easy/Remote Vulnerability: Stored XSS which executes on the administration panel. Patched Version: 8.3.1 If you’re using the W
Read More

RSS Reveals Malware Injections

Search results for malicious code

There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like SiteCheck or UnmaskParasites. Get alerts from anti-viruses or search
Read More

Deep Dive into the HikaShop Vulnerability

PHPMailer class method require_once

It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website. How Does Object I
Read More

The Art of Website Malware Removal – The Basics

When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concern is to understand the anatomy of the attack and prevent it from happening again. However,
Read More

The Psychology Behind Why Websites Get Hacked

It's an everyday conversation for security professionals that interact with new customers. The one where we have to explain that just because everything seems fine, doesn't mean that the best security practices shouldn't be followed, or that being
Read More

The Dangers of Hosted Scripts – Hacked jQuery Timers

Sucuri SiteCheck report: infected jquery.js on jquery.offput.ca

Google blacklisted a client's website claiming that malicious content was being displayed from "forogozoropoto(dot)2waky (dot)com". A scan didn’t reveal anything suspicious. The next step was to check all third-party scripts on the website. Soon w
Read More