What is a WAF?
Juliana Lewis Have you ever wondered what WAF means? WAF stands for Website Application Firewall. In order to make it simple to understand, imagine your website as…
Browsing Category
Security Advisory
239 posts
Formidable Forms / Shortcodes Ultimate Exploits In The Wild
Marc-Alexandre Montpas On Monday, November 20th, we were notified about a vulnerability that poses a serious security risk when the Shortcodes Ultimate and Formidable Forms plugins are…
Risks For E-commerce Site Owners Through the Holidays
Pilar Garcia Shopping season is here, and with that, so is the opportunity for ecommerce site owners to grow their revenue and reputation. However, hackers are also…
Hacked Websites Mine Cryptocurrencies
Denis Sinegubko Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this every day in the…
Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data
Over the summer, we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The…
Google Warnings For Form Input Over HTTP Coming in October
Tony Perez For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over HTTPS, which…
Code Injection in Signed PHP Archives (Phar)
Jeff Channell PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single…
Unwanted “Shorte St” Ads in Unpatched Newspaper Theme
Fernando Barbosa Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove…
New Non-HTTPS Websites Blacklisted for Phishy Password Practices
Cesar Anjos We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that…
WordPress REST API Vulnerability Abused in Defacement Campaigns
Daniel Cid WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF…
Session Stealer Script Used In OpenCart
Bruno Zanelato With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few…