Website Security News
Written in PHP and JavaScript, FreePBX is a web-based open-source GUI that manages Asterisk, a voice over IP and telephony server. This open-source software allows users to build customer phone systems. During a recent investigation, I came across a simple piece of malware targeting FreePBX’s…
Read More about Backdoor Targets FreePBX Asterisk Management Portal
Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files, subscribe new users to your…
The convenience and ease of online transactions has drawn a tremendous number of users to online ecommerce storefronts. And during the pandemic, many consumers switched to online purchases in favor…
Read More about How to Securely Shop With Your Credit Card: Use a Virtual Card & Check for Skimmers
Attackers are always finding unique ways to avoid detection. Our teams regularly find malware on compromised websites which have been obfuscated to make it more difficult for webmasters to detect…
Read More about How to Fix & Remove the “Click Allow If You Are Not a Robot” Redirect
Since 2018, our team has been tracking an interesting type of website infection where the <title> tag of a hacked website is changed to Chinese text — changes which are…
Read More about Chinese Gambling Spam Targets World Cup Keywords
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help…
Read More about WordPress Vulnerability & Patch Roundup November 2022
On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress…
Sure, there are tons of one-click installers floating around for WordPress. But they’re not always the most secure option — and can still be tedious to use, especially if you…
Most modern web browsers and search authorities like Google have a vested interest in protecting their users from malware. Warning messages like “This site may harm your computer” are a…
Read More about How to Fix the “This Site May Harm Your Computer” Warning
Readers of this blog should already be familiar with SocGholish: a widespread, years-long malware campaign aimed at pushing fake browser updates to unsuspecting web users. Once installed, fake browser updates…
Read More about New SocGholish Malware Variant Uses Zip Compression & Evasive Techniques
Attackers are always on the hunt for vulnerable websites. Whether you have a WordPress, Magento, or Joomla website — you’ll want to take steps to keep your site and server…
