10 Tips to Improve Your Website Security
Keir Desailly In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!,…
Security Advisory: Object Injection Vulnerability in WooCommerce
Marc-Alexandre Montpas During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability in WooCommerce which could, in certain contexts, be used by an…
SweetCAPTCHA Service Used to Distribute Adware
Denis Sinegubko SweetCaptcha is a free CAPTCHA service that offers to match “sweet” images instead of making you recognize distorted digits and characters. It has integrations with…
Your Website’s Been Hacked But No Signs of Infection
Tony Perez Imagine for a moment you suspect that your website has been hacked. Something is off, but you feel as if you are missing what that…
Website Security: How Do Websites Get Hacked?
In 2014, the total number of websites on the internet reached 1 billion. Today it’s hovering somewhere in the neighborhood of 944 million due to…
Fake jQuery Scripts in Nulled WordPress Plugins
We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not…
How Social Media Blacklisting Happens
Val Vesa In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users…
JetPack and TwentyFifteen Vulnerable to DOM-based XSS
David Dede Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included…
Hacked Websites Redirect to Bitcoin
Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is Bitcoin using…
My Website Was Blacklisted By Google and Distributing Email Spam
Being blacklisted by Google is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped…
Critical Persistent XSS 0day in WordPress
*Update 2015-04-27*: A patch has been released and made available by the WordPress Core Team in version 4.2.1 – Please update immediately. Yes, you’ve read…