Plesk 0-day Remote Vulnerability in the Wild
Daniel Cid Just last week another 0-day vulnerability on Plesk was released. It affects Plesk 9.2, 9.3 and 9.5.4 versions. If you have not yet, we recommend…
Browsing Category
Website Malware Infections
859 posts
From a Site Compromise to Full Root Access – Local Root Exploits – Part II
When an attacker manages to compromise and get access to a website, they won’t likely stop there, they will aim to gain full root (admin)…
From a Site Compromise to Full Root Access – Symlinks to Root – Part I
When an attacker manages to compromise and get access to a website, they won’t likely stop there, they will aim to gain full root (admin)…
Globo.com redirecting users to Spam ads
David Dede Globo.com, one of the largest Brazilian web portals (ranked #107 on Alexa and #6 for Brazilian traffic) appears to be compromised and all visits to…
Auto Generated IFrames To Blackhole Exploit Kit – Following the Cookie Trail
We often talk about websites being compromised and injected with malware that redirect users to exploit kits. We unfortunately don’t give you a complete picture…
W3 Total Cache and WP Super Cache Vulnerability Being Targeted in the Wild
Tony Perez As if on queue, almost 7 days since we released the post about the latest W3TC and WP Super Cache remote command execution vulnerability, we…
Apache Web Server Attacks Continue to Evolve
For the past few months we have seen a gradual increase in server-level compromises. In fact, every week it seems we’re handling half a dozen…
Apache Binary Backdoors on Cpanel-based servers
For the last few months we have been tracking server level compromises that have been utilizing malicious Apache modules (Darkleech) to inject malware into websites.…
WordPress Malicious Plugin – WPPPM – Abusing 404 Redirects with SEO Poisoning
Bruno Borges, of our security team, came across an interesting case this week, in which a WordPress plugin was abusing the 404 rewrite rules and…
Mass WordPress Brute Force Attacks? – Myth or Reality
We are seeing in the media some noise about a large distributed brute force attacks against all hosts targeting WordPress sites. According to reports, they…
When Good Plugins Go Bad – SEO Spam on Joomla Websites
We recently published an article about an interesting case where a very popular WordPress Plugin (Social Media Widget), with more than 900,000 downloads, got sold…