JetPack and TwentyFifteen Vulnerable to DOM-based XSS


Any WordPress plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million

Hacked Websites Redirect to Bitcoin


Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is Bitcoin using black hat SEO? Is their site malicious? As you can see, the hacked we

My Website Was Blacklisted By Google and Distributing Email Spam

Image by Benson Kua licensed under Creative Commons

Being blacklisted by Google is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning page can literally destroy any online business, I am speaking from personal

Critical Persistent XSS 0day in WordPress

*Update 2015-04-27*: A patch has been released and made available by the WordPress Core Team in version 4.2.1 - Please update immediately. Yes, you've read it right: a critical, unpatched XSS 0day in WordPress' comment mechanisms was disclosed

Magento Shoplift (SUPEE-5344) Exploits in the Wild

As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it can be exploited to take over a vulnerable Magento site. They have prepared the following

Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins

Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within

Critical Magento Shoplift Vulnerability (SUPEE-5344) – Patch Immediately!


The Magento team released a critical security patch (SUPEE-5344) to address a remote command execution (RCE) vulnerability back in February. It's been more than two months since the release and still more than 50% of all the Magento installations

Critical Microsoft IIS Vulnerability Leads to RCE (MS15-034)

Microsoft just disclosed a serious vulnerability (MS15-034) in their IIS web server that allows for remote and unauthenticated Denial of Service (DoS) and/or Remote Code Execution (RCE) on unpatched Windows servers. An attacker only needs to send a

Impacts of a Hack on a Magento Ecommerce Website


Recently we wrote about the impacts of a hacked website and how important it is to give website visitors a safe online experience. In this post, I’ll show you how a hacked website results in almost immediate loss of money. We are not talking about d

How To Create a Website Backup Strategy


We've all heard it a million times before: backups are important. Still, the reality is that even today, a website backup strategy remains one of the most overlooked and under-utilized precautions we can take to protect our vital data. Why Are