SweetCAPTCHA Service Used to Distribute Adware

Fake tech support from www .onlinesystem .info pop-up

SweetCaptcha is a free CAPTCHA service that offers to match "sweet" images instead of making you recognize distorted digits and characters. It has integrations with many website platforms including;  pure PHP, WordPress (10,000+ plugin
Read More

Your Website Hacked but No Signs of Infection

confused-man

Imagine for a moment, you have a suspicion that you have somehow had your website hacked. You see that something is off, but you feel as if you are missing something. This is the emotionally draining world that many live in, with a paranoia and c
Read More

Introducing Free Global Website Performance Tool

Website Performance Test

We are happy to launch a new free tool (aka Global Website Performance Tester) that allows anyone to quickly check how fast a website is loading from across the globe. We extract three key metrics that are critical to the performance of any
Read More

Fake jQuery Scripts in Nulled WordPress Plugins

Fake jQuery script injection

We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not a server-side redirect, rather it happened due to some script loaded by the web pages. A
Read More

Website Security: How Do Websites Get Hacked?

How-Websites-Get-Hacked

In 2014 the total number of websites on the internet reached 1 billion, today it's hovering somewhere in the neighborhood of 944 million due to websites going inactive and it is expected to normalize again at 1 billion sometime in 2015. Let's take a
Read More

How Social Media Blacklisting Happens

Social Media Blacklists

In today's world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users exceeded 2 billion back in August 2014, with an adoption rate unlike anything we have seen in
Read More

JetPack and TwentyFifteen Vulnerable to DOM-based XSS

Disclosure-Image-Wordpress

Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million
Read More

Hacked Websites Redirect to Bitcoin

bitcoin

Recently, we began to notice that some hacked websites were redirecting traffic from certain browsers to the BitCoin site, bitcoin.org. What’s going on? Is Bitcoin using black hat SEO? Is their site malicious? As you can see, the hacked we
Read More

My Website Was Blacklisted By Google and Distributing Email Spam

Image by Benson Kua licensed under Creative Commons

Being blacklisted by Google is one of the worst things that can happen to a website. The public shame coming from every visitor being stopped by the Big Red Warning page can literally destroy any online business, I am speaking from personal
Read More

Critical Persistent XSS 0day in WordPress

*Update 2015-04-27*: A patch has been released and made available by the WordPress Core Team in version 4.2.1 - Please update immediately. Yes, you've read it right: a critical, unpatched XSS 0day in WordPress' comment mechanisms was disclosed
Read More