Server Compromises – Understanding Apache Module iFrame Injections and Secure Shell Backdoor
Daniel Cid There are many ways to inject a malicious payload onto a website. The attacker can modify any of the web files (index.php for example), the…
Website Security – The Importance of Access
Tony Perez I’m not sure why more emphasis isn’t put on access in website security discussions, but I’ll spend some time on it today. Understand that this…
WordPress SPAM Causing Headaches
Newly Released: On 11/3/2017 we published our guide on how to secure your WordPress site and it also talks about vulnerabilities and best practices. It…
WordCamp Las Vegas 2012 – Tony Perez: WordPress Security – Dealing with Today’s Hacks
Dre Armeda Here is a great presentation given by Tony Perez our COO in October of 2012 at WordCamp Las Vegas:
Ruby on Rails Vulnerability Leads to Remote Command Execution on Servers
As always, the year is kicking off with a bang. This is a public service announcement to get the word out on a very serious…
W3 Total Cache Implementation Vulnerability
Just in time for Christmas, it was announced on the full disclosure list a security (configuration/implementation) bug on W3 Total cache (W3TC), one of the…
Website Malware – Drupal Injections Targeting Cookies
Many folks are unfamiliar with the Drupal CMS, it doesn’t enjoy the popularity that some others do like WordPress and Joomla, but its a powerful…
Website Malware – Sharp Increase in SPAM Attacks – WordPress & Joomla
This past week we have seen a sharp increase in the use of old tactics designed to poison your search engine results – also known…
Website Malware – Reality of Cross-Site Contaminations
Sometimes you can’t help but put yourself in the shoes of your clients and skeptics and wonder how many times they roll their eyes at…
WordPress 3.5 Released
Update like it’s hot! Today marks the release of WordPress 3.5 (Named Elvin after jazz drimmer Elvin Jones), a major release this year for the…
Web Malware – Working with Evil Backdoors – Part III
The most complicated part of our job, when cleaning compromised web sites, is ensuring we find all backdoors. If we miss one, the site can…