SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11
Denis Sinegubko Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it; it uses the…
Browsing Category
WordPress Security
672 posts
RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise
Daniel Cid Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to…
SoakSoak Malware Compromises 100,000+ WordPress Websites
Tony Perez This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Our analysis is showing impacts…
Leveraging the WordPress Platform for SPAM
Keir Desailly We’ve all seen WordPress comment and pingback spam, but thanks to strict moderation regimes and brilliant WordPress plugins that focus strictly on SPAM comments, comment…
Security Advisory – High Severity– WordPress Download Manager
Mickael Nadeau If you’re using the popular WP Download Manager plugin (around 850,000 downloads), you should update right away. During a routine audit for our Website Firewall…
Security Advisory – High Severity – InfiniteWP Client WordPress plugin
Marc-Alexandre Montpas If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of…
Protecting Against Unknown Software Vulnerabilities
Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs…
Security Advisory – High severity – WP-Statistics WordPress Plugin
If you’re using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall…
The Psychology Behind Why Websites Get Hacked
Joseph Herbrandson It’s an everyday conversation for security professionals that interact with new customers. The one where we have to explain that just because everything seems fine,…
Threat Introduced via Browser Extensions
We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code…
ASP Backdoors? Sure! It’s not just about PHP
Peter Gramantik I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need…