Massive Admedia/Adverting iFrame Infection

02012016_Admedia

This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing features of this malware are:
Read More

The Risks of Hiring a Bad SEO Company

Blackhat SEO Website Malware

Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used by services claiming to improve your website traffic or Search Engine Optimization (SEO). We
Read More

Security Advisory: Stored XSS in Magento

Magento-Logo

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 7/10 Vulnerability: Stored XSS Patched Version:  Magento CE: 1.9,2.3, Magento EE: 1.14.2.3 During our regular research audits for our Cloud-based WAF, we discovered a Stored
Read More

Server Security: OSSEC Integrates Slack and PagerDuty

Screen Shot 2016-01-15 at 2.17.48 AM

We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file
Read More

Ransomware Strikes Websites

Website Ransomware

Ransomware is one of the most insidious types of malware that one can come across. These infections will encrypt all files on the target computer as well as any hard drives connected to the machine – pictures, videos, text files – you name it. This me
Read More

Malicious Pastebin Replacement for jQuery

jQuery Pastebin

Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats as they evolve. We wrote in the past about fake jQuery scripts and how hackers use
Read More

Fake Media Download Sites

12222015_FakeDownloadSites_v2

Your website is a huge part of your brand reputation. It serves as a place to build your audience and helps you get noticed by new visitors from search engines. You spend time working hard to build authority and trustworthiness. When your pages rank
Read More

Using WPScan: Finding WordPress Vulnerabilities

Usingwpscan_blog

When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at
Read More

Vulnerability Details: Joomla! Remote Code Execution

1-sessions

The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty much all versions of the platform up to 3.4.5. As soon as the patch was released, we were
Read More

Critical 0-day Remote Command Execution Vulnerability in Joomla

Disclosure-Image---Joomla!

The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. This is a serious vulnerability that can be easily exploited and is already
Read More