Drupal Warns – Every Drupal 7 Website Compromised Unless Patched
Daniel Cid The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch…
Threat Introduced via Browser Extensions
Denis Sinegubko We love investigating unusual hacks. There are so many ways to compromise a website, but often it’s the same thing. When we see malicious code…
ASP Backdoors? Sure! It’s not just about PHP
Peter Gramantik I recently came to the realization that it might appear that we’re partial to PHP and WordPress. This realization has brought about an overwhelming need…
Google Blacklists Bit.ly
If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its…
Popular Brazilian Site “Porta dos Fundos” Hacked
A very well known Brazilian comedy site, “Porta dos Fundos,” was recently hacked and is pushing malware (drive-by-download) via a malicious Flash executable, as you…
Manipulating WordPress Plugin Functions to Inject Malware
Keir Desailly Most authors of website malware usually rely on the same tricks, making it easy for malware researchers to spot obfuscated code, random files that don’t…
The Details Behind the Akeeba Backup Vulnerability
Marc-Alexandre Montpas It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download backups…
Malvertising Payload Targets Home Routers
Fioravante Souza A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario…
Chinese Doorway Spam – P2
We are seeing an increasing number of hacked sited with Chinese doorways promoting various fake merchandises (from Louis Vuitton handbags to NFL jerseys and Canada…
Drupal SQL Injection Attempts in the Wild
Update (2014/10/29): The Drupal team just released a Public Service Announcement, confirming what we are seeing (mass compromise of Drupal sites). We’ve released a new…
Highly Critical SQL Injection Vulnerability Patched in Drupal Core
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely…