We all hear of APT (advanced persistent threat) and this is a good example of one trying to steal the vl.com domain. Very good read:
You May Also Like
An Indirect Way to Change cPanel Passwords
Luke Leal
- October 8, 2019
There’s no doubt that the ubiquitous “forgot your password?” feature has helped many users who’ve misplaced their password or otherwise forgotten it, however—the tradeoff is…
WordPress Plugin WP Statistics: Unauthenticated Stored XSS Under Certain Configurations
Antony Garand
- July 3, 2019
The WordPress plugin WP Statistics, which has an active installation base of 500k users, has an unauthenticated stored XSS vulnerability on versions prior to 12.6.7.…
Tiny WSO Webshell Loader
Luke Leal
- March 24, 2020
A PHP webshell is a common tool found on compromised environments. Attackers use webshells as backdoors, allowing them to maintain unauthorized access to a hacked…
SiteCheck Malware Trends Report – Q3 2022
Rianna MacLeod
- October 12, 2022
For the latest malicious scripts, check out our SiteCheck 2023 Mid-Year Malware Trends report. Our free SiteCheck remote website scanner provides immediate insights about malware…
Monetized JavaScript Redirect to Free Porn Webcams for Mobile Devices
Yuliyan Tsvetkov
- March 2, 2017
Attackers will do desperate and obvious things to boost the views of their ‘customers’. On a daily basis we find different malicious redirects (some are…
Unauthenticated settings update in woocommerce-ajax-filters
John Castro
- September 18, 2019
woocommerce-ajax-filters, which currently has over 10,000 installations (versions <=1.3.6) allows unauthenticated attackers to arbitrarily update all the plugin options and redirect any user to an…
Backdoor Targets FreePBX Asterisk Management Portal
Krasimir Konov
- December 15, 2022
Written in PHP and JavaScript, FreePBX is a web-based open-source GUI that manages Asterisk, a voice over IP and telephony server. This open-source software allows…
The Mystery Admin User
Ben Martin
- March 25, 2022
One of our clients recently submitted a malware removal request with a curious problem: A mystery admin user kept getting re-created on their website. Try…
Keeping Up With PHP Updates
Ashley Sand
- April 21, 2022
Staying on top of critical security risks and vulnerabilities is imperative for the safety of your website. Some of the types of threats impacting our client…
Limit Login Attempts Vulnerability – Patch Now!
Ben Martin
- April 12, 2023
On April 11th, 2023, a software update was released to patch a severe vulnerability within the Limit Login Attempts WordPress security plugin. With over 600,000…