Website Security News
Learn about the latest website security news from our research and incident response teams. Find out about emerging website malware campaigns and the best steps to protect your site from hackers. To learn more check out the series of website security guides created by our team.
When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents. In this malware dropper file we recently…
In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight…
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0 30000 Comments – wpDiscuz 7.0.0…
An XML sitemap is an important part of a website’s SEO and exists to help search engine crawlers index new URLs on your website. For example, if a site has…
As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a…
Read More about Reverse String WooCommerce WordPress Credit Card Swiper
MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue. Instead of targeting .ico files,…
We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” — probably referring to a Croatian Magento consulting…
Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites. During a recent investigation, we discovered a fake component which was masquerading…
Read More about Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors
According to recent statistics, the web design industry in the United States is now worth more than $40 billion each year. It’s why our annual survey of agencies and web…
Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page. These kits are typically bundled in…
Read More about Spox Phishing Kit Harvests Chase Bank Credentials
One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials. Although these are certainly two of…
Read More about Pirated WordPress Plugins Bundled with Backdoors
