The Dangers of Hosted Scripts – Hacked jQuery Timers
Denis Sinegubko Google blacklisted a client’s website claiming that malicious content was being displayed from “forogozoropoto(dot)2waky (dot)com”. A scan didn’t reveal anything suspicious. The next step was…
Browsing Category
Website Malware Infections
859 posts
Malicious iFrame Injector Found in Adobe Flash File (.SWF)
Peter Gramantik Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iframe is used to…
Most Common Attacks Affecting Today’s Websites
Joseph Herbrandson New web-based attack types and vectors are coming out every day, this is causing businesses, communities and individuals to take security seriously now more than…
Spotting Malicious Injections in Otherwise Benign Code
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every…
Popular Brazilian Site “Porta dos Fundos” Hacked
A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you…
Manipulating WordPress Plugin Functions to Inject Malware
Keir Desailly Most authors of website malware usually rely on the same tricks, making it easy for malware researchers to spot obfuscated code, random files that don’t…
Malvertising Payload Targets Home Routers
Fioravante Souza A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario…
Drupal SQL Injection Attempts in the Wild
Daniel Cid Update (2014/10/29): The Drupal team just released a Public Service Announcement, confirming what we are seeing (mass compromise of Drupal sites). We’ve released a new…
Highly Critical SQL Injection Vulnerability Patched in Drupal Core
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely…
WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability
The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to vulnerable sites. This…
Website Attacks – SQL Injection And The Threat They Present
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will…