WP Symposium – Zero Day Vulnerability Dangers
David Dede Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing…
Browsing Category
Security Education
679 posts
Malvertising on a Website Without Ads
Fioravante Souza When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest…
IIS, Compromised GoDaddy Servers, and Cyber Monday Spam
Denis Sinegubko While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites,…
Leveraging the WordPress Platform for SPAM
Keir Desailly We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment…
Typos Can have a Bigger Impact Than Expected
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website.…
Protecting Against Unknown Software Vulnerabilities
Daniel Cid Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs…
Website Malware Removal: Phishing
Joseph Herbrandson As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and…
Security Advisory – High severity – WP-Statistics WordPress Plugin
Marc-Alexandre Montpas If you’re using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall…
Deep Dive into the HikaShop Vulnerability
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker…
The Art of Website Malware Removal – The Basics
When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concern is to understand…
The Dangers of Hosted Scripts – Hacked jQuery Timers
Google blacklisted a client’s website claiming that malicious content was being displayed from “forogozoropoto(dot)2waky (dot)com”. A scan didn’t reveal anything suspicious. The next step was…