Website Security News
Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types. Scripts as Data URLs The first type looks pretty similar to what we discussed in our recent post. However, instead of placing the code between the…
Read More about Data URLs and HTML Entities in New WordPress Malware
There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be…
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…
Read More about Throwback Threat Thursday: JCE Vulnerability
The United States National Institute of Standards and Technology (NIST) has created a framework for improving critical infrastructure cybersecurity, referred to as the NIST Cybersecurity Framework. The main objective of…
When California passed an online privacy law that will take effect on Jan. 1, 2020, it made me think about a user’s responsibility when it comes to how we engage…
We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality. Malicious Plugins…
When cleaning websites, we regularly find phishing pages, malicious code injected into files, and SEO spam. However, over the past couple of months we’ve also noticed a considerable increase in…
Read More about Cryptominers & Backdoors Found in Fake Plugins
Website hardening means adding layers of protection to reduce the risk of website attacks, a process known as “defense in depth.” Here are our top 10 virtual hardening principles: 1…
There’s an issue with how some people define the word “hacker.” For some, it’s a word synonymous with “cybercriminal,” but not in the infosec community. White hat hackers (the good…
There’s no doubt that the ubiquitous “forgot your password?” feature has helped many users who’ve misplaced their password or otherwise forgotten it, however—the tradeoff is that it can result in…
The word cybercrime is no longer just a word you hear coming from Fortune 500 CEOs anymore. This word has being flashed on every good morning news show and radio…
