Most Common Attacks Affecting Today’s Websites
Joseph Herbrandson New web-based attack types and vectors are coming out every day, this is causing businesses, communities and individuals to take security seriously now more than…
Browsing Category
Website Security
1031 posts
Spotting Malicious Injections in Otherwise Benign Code
Denis Sinegubko Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every…
Security Advisory – Medium Severity – WP eCommerce WordPress Plugin
Mickael Nadeau If you’re using the popular WP eCommerce WordPress plugin (2,900,000 downloads), you should update it right away. During a routine audit for our Website Firewall…
Threat Introduced via Browser Extensions
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code…
ASP Backdoors? Sure! It’s not just about PHP
Peter Gramantik I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need…
Google Blacklists Bit.ly
Daniel Cid If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its…
Drupal SQL Injection Attempts in the Wild
Update (2014/10/29): The Drupal team just released a Public Service Announcement, confirming what we are seeing (mass compromise of Drupal sites). We’ve released a new…
Vulnerability Disclosed in SSL 3.0 – This Poodle Bites
It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online…
WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability
The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to vulnerable sites. This…
Website Security: A Case of SEO Poisoning
Fernando Barbosa There are so many ways your website can be co-opted by hackers for many different reasons, targeting the value created via your SEO is highly…
Bash – ShellShocker – Attacks Increase in the Wild – Day 1
The Bash ShellShocker vulnerability was first disclosed to the public yesterday. Just a few hours after the initial release, we started to see a few…