Security Advisory – High severity – WP-Statistics WordPress Plugin
Marc-Alexandre Montpas If you’re using the WP-Statistics WordPress plugin on your website, now is the time to update. While doing a routine audit for our Website Firewall…
RSS Reveals Malware Injections
Denis Sinegubko There are multiple different ways to detect invisible malware on a website: You can scrutinize the HTML code of web pages. Use external scanners like…
Deep Dive into the HikaShop Vulnerability
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker…
The Art of Website Malware Removal – The Basics
Joseph Herbrandson When talking about defense against malicious hacks, the attack vector is a common topic for Information Security (InfoSec) professionals. The primary concern is to understand…
The Psychology Behind Why Websites Get Hacked
It’s an everyday conversation for security professionals that interact with new customers. The one where we have to explain that just because everything seems fine,…
The Dangers of Hosted Scripts – Hacked jQuery Timers
Google blacklisted a client’s website claiming that malicious content was being displayed from “forogozoropoto(dot)2waky (dot)com”. A scan didn’t reveal anything suspicious. The next step was…
Combat Black Hat SEO Infections with SEO Insights
Alycia Mitchell Black hat SEO spam is the plague of the internet, and the big search engines take it seriously. One of the worst spam tactics on…
Malicious iFrame Injector Found in Adobe Flash File (.SWF)
Peter Gramantik Finding malware in Adobe Flash files (.swf) is nothing new, but it usually affects personal computers, not servers. Typically, a hidden iframe is used to…
Most Common Attacks Affecting Today’s Websites
New web-based attack types and vectors are coming out every day, this is causing businesses, communities and individuals to take security seriously now more than…
Spotting Malicious Injections in Otherwise Benign Code
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every…
Security Advisory – Medium Severity – WP eCommerce WordPress Plugin
Mickael Nadeau If you’re using the popular WP eCommerce WordPress plugin (2,900,000 downloads), you should update it right away. During a routine audit for our Website Firewall…