Assemble the Cookies
Luke Leal When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these…
Browsing Category
Website Security
1031 posts
Tiny WSO Webshell Loader
A PHP webshell is a common tool found on compromised environments. Attackers use webshells as backdoors, allowing them to maintain unauthorized access to a hacked…
Free Sucuri WAF for Medical & Social Services
Chase Watts During the COVID-19 pandemic, there is concern about health systems worldwide. Many people in isolation or self-quarantine are looking for accurate medical information online on…
Safe Browsing During a Pandemic: How to Spot COVID-19 Phishing Campaigns
Justin Channell Online bad actors tend to take advantage of tragedy for their own gain – and the coronavirus is no different. While we would hope that…
Tips for New Remote Workers
Juliana Lewis With the new pandemic hovering over our heads, the main piece of advice from most countries is stay home. Working remotely is a new reality…
Reflected XSS in Advanced Ads Admin Dashboard
Antony Garand A patch for a vulnerability in the Advanced Ads plugin has been released. Prior to version 1.17.4, attackers were able to exploit two reflected XSS…
2020 Website Security Glossary
Art Martori As the online threat landscape continues to evolve, so too does the language we use to describe it. To support a safer internet for everyone,…
Innocent Defacement
Cesar Anjos When we talk about defacements, we’re usually referring to attacks leading to a visual takeover of a website’s page ― consider it a form of…
Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these…
WordPress Database Brute Force and Backdoors
Denis Sinegubko We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However,…
3-D Secure SMS-OTP Phishing
One of our remediation analysts Eli Trevino recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the…