Cryptominers on Hacked Sites – Part 2
Denis Sinegubko Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised…
Browsing Category
WordPress Security
672 posts
Attackers leveraging WP Maintenance plugin to deface websites
Bruno Zanelato Recently, during a website investigation, we detected that attackers have been modifying the database structure of WP Maintenance plugin (which is a very popular wordpress…
Fake Plugins, Fake Security
Peter Gramantik Update: The plugin name is fake and has nothing to do with the well-known WP-SpamShield plugin in the official WordPress plugin repository. WordPress users are…
Stored Cross-Site Scripting Vulnerability in WordPress 4.8.1
Rodolfo Assis Update 11/03/2017: Read all about vulnerabilities and best practices to secure your website in our newly WordPress Security Guide today! During regular research audits for…
Simple self updating hacktool
Pedro Peixoto While working on a compromised website, it’s very common to encounter hacktools. Those are like the attackers’ swiss knife, allowing them to perform several tasks…
Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data
Over the summer, we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The…
SEO spam loading from external site
Krasimir Konov Many websites get compromised and used for SEO in order to drive traffic to other websites that would usually be ranked very low or completely…
Evil Self-Regenerating WordPress Administrator User
Andrey Kucherov Attackers often aim to conceal their presence using different methods, such as injecting redirect scripts, creating spam pages, or hiding a mailer in checkout pages…
Expired Domain Leads to WordPress Plugin Redirects
A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen…
Small One-liner Backdoor
Samuel Odendaal During an incident response investigation, we detected an interesting backdoor that was small but had the potential to give the attacker full access to your…
SQL Injection Vulnerability in WP Statistics
John Castro Update 11/3/2017: We are always looking for the latest to be shared with you and now we have released our WordPress Security Guide, were you…