B374k Web Shell Packer
Luke Leal PHP web shells are a type of backdoor which, when left on compromised websites, allow attackers to maintain unauthorized access after initial compromise. To further…
Browsing Category
Website Security
1012 posts
YouTube Account Recovery Phishing
Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing…
New Drupal Website Security Best Practices Guide
Justin Channell When it comes to content management systems (CMS) for websites, Drupal is a highly flexible and extendible open-source solution. It is often preferred by technical…
Labs Notes Monthly Recap – April/2020
Juliana Lewis In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that…
Vulnerabilities Digest: April 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Widget Settings Importer/Exporter Stored XSS Closed 40000 Accordion Stored/Reflected XSS 2.2.9 30000 Support Ticket System By…
Phishing Campaign Targets Poste Italiane & SMS OTP Verification
When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims…
What is Geolocation?
Dutch Hill The Firewall service deploys various heuristic checks and methods to protect your site. One of our most popular security settings, and questions, utilizes geolocation in…
WordPress Admin Login Stealer
Krasimir Konov During an investigation, we identified a WordPress login stealer using the PHP functions curl and file_get_contents. The malicious code was injected into the core file…
Duplicated Vulnerabilities in WordPress Plugins
Antony Garand During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post.…
Fake M-Shield WordPress Plugin
During a recent malware investigation, we found a fake WordPress plugin called M-Shield. We also found almost an identical plugin under the name kingof, with…
Obfuscated WordPress Malware Dropper
It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating…