Security Advisory: Stored XSS in Akismet WordPress Plugin


Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 9/10 Vulnerability: Stored XSS Patched Version:  3.1.5 During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet,
Read More

Redirect to Microsoft Word Macro Virus

PHP code redirects to malicious Microsoft Word document

These days we rarely see Microsoft Word malware on websites, but it still exists and compromised websites can distribute this kind of malware as well. It's not just email attachments when it comes to sharing infected documents. For example, this
Read More

Brute Force Amplification Attacks Against WordPress XMLRPC

BruteForce Banner

Brute Force attacks are one of the oldest and most common types of attacks that we still see on the Internet today. If you have a server online, it's most likely being hit right now. It could be via protocols like SSH or FTP, and if it's a web
Read More

Phishing for Anonymous Alligators

Anonymous Alligators

Everyone has encountered phishing at some point - fake emails and web pages designed to look legitimate. This tactic is becoming more popular as attackers are learning how to produce new and convincing phishing lures. You might receive spam emails
Read More

Security Advisory: Stored XSS in Jetpack

The ’email’ value being filtered

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Stored XSS Patched Version:  3.7.1 During a routine audit for our WAF, we discovered a critical stored XSS affecting the Jetpack WordPress plugin, one of
Read More

WordPress Malware – VisitorTracker Campaign Update


For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially posted some details about this issue on this blog post: WordPress Malware -
Read More

Analyzing Black Hat URL Shorteners

malicious url shortener

Hackers are known to use URL shortening services to obfuscate their real landing pages. It’s very effective in clickbait scams on social networks. Some hackers think that using URL shorteners in site injections makes it less likely to be flagged as m
Read More

.htaccess Tricks in Global.asa Files


As you might know a lot of hacks use Apache configuration .htaccess files to override default web site behavior: add conditional redirects, create virtual paths (e.g mod_rewrite), auto-append code to PHP scripts, etc. In the world of IIS/ASP there
Read More

WordPress Malware – Active VisitorTracker Campaign


We are seeing a large number of WordPress sites compromised with the "visitorTracker_isMob" malware code. This campaign started 15 days ago, but only in the last few days have we started to see it gain traction; really affecting a large number of
Read More

Analyzing Proxy Based Spam Networks


We are no strangers to Blackhat SEO techniques, we've actually spent a great deal of time working and sharing various bits of information related to Blackhat SEO techniques over the years. What we haven't shared, however, is the idea of Proxy-based
Read More