Hacked Websites Mine Cryptocurrencies
Denis Sinegubko Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this every day in the…
Browsing Category
Security Advisory
236 posts
Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data
Over the summer, we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The…
Google Warnings For Form Input Over HTTP Coming in October
Tony Perez For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over HTTPS, which…
Code Injection in Signed PHP Archives (Phar)
Jeff Channell PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single…
Unwanted “Shorte St” Ads in Unpatched Newspaper Theme
Fernando Barbosa Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove…
New Non-HTTPS Websites Blacklisted for Phishy Password Practices
Cesar Anjos We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that…
WordPress REST API Vulnerability Abused in Defacement Campaigns
Daniel Cid WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF…
Session Stealer Script Used In OpenCart
Bruno Zanelato With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few…
Learning From Buggy WordPress Wp-login Malware
When a site gets hacked, the attack doesn’t end with the malicious payload or spam content. Hackers know that most website administrators will clean up…
A Plugin’s Expired Domain Poses a Security Threat to Websites
Krasimir Konov Do you keep all of your website software (including third-party themes, plugins, and components) up to date? You should! We always recommend this to our…
Fake FreeDNS Used to Redirect Traffic to Malicious Sites
During the last couple of days, we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads, spam,…