Creative Evasion Technique Against Website Firewalls
Lee Howarth During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces.…
Browsing Category
Security Education
681 posts
Website Backdoors Leverage the Pastebin Service
Denis Sinegubko We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll…
WP Symposium – Zero Day Vulnerability Dangers
David Dede Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing…
Malvertising on a Website Without Ads
Fioravante Souza When you first configure your website, whether it be WordPress, Joomla, Drupal, or any other flavor of the month, it is often in its purest…
IIS, Compromised GoDaddy Servers, and Cyber Monday Spam
While doing an analysis of one black-hat SEO doorway on a hacked site, I noticed that it linked to many similar doorways on other websites,…
Leveraging the WordPress Platform for SPAM
Keir Desailly We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment…
Typos Can have a Bigger Impact Than Expected
Have you ever thought about the cost of a typo? You know what I mean, a simple misspelling of a word somewhere on your website.…
Protecting Against Unknown Software Vulnerabilities
Daniel Cid Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs…
Website Malware Removal: Phishing
Joseph Herbrandson As we continue on our Malware Removal series we turn our attention to the increasing threat of Phishing infections. Just like a fisherman casts and…
Security Advisory – High severity – WP-Statistics WordPress Plugin
Marc-Alexandre Montpas If you’re using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall…
Deep Dive into the HikaShop Vulnerability
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker…