ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis
Luke Leal We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly…
Legacy Mauthtoken Malware Continues to Redirect Mobile Users
Krasimir Konov During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different…
CSS-JS Steganography in Fake Flash Player Update Malware
Denis Sinegubko This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce…
Reflected XSS in WordPress v5.5.1 and Lower
Marc-Alexandre Montpas WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of this issue is a bug…
Bridging the Gap Between Application and Network Security with CleanBrowsing
Tony Perez & Daniel Cid When we started Sucuri we set out to make enterprise security accessible, affordable, and effective for every day webmasters. It was at a time when…
5 Places Where You’d Never Expect to Get Hacked
Art Martori For every gleaming new IoT device that hits the market, a hacker somewhere is figuring out how to compromise it. Today, even routine activities can…
P.A.S. Fork v. 1.0 — A Web Shell Revival
A PHP web shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the…
Password Security & Password Managers
In the spirit of National Cyber Security Awareness Month (NCSAM), let’s talk about a security basic that many people overlook: passwords. These are one of…
R_Evil WordPress Hacktool & Malicious JavaScript Injections
We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for…
A Quick Glance at Cross-Origin Resource Sharing Security Headers
Northon Torga Thanks to the rapid growth of JavaScript frameworks such as Angular, Vue, and React, CORS has become a popular word in the developer’s vocabulary. When…
Securing Your Online Store for the Holidays
Victor Santoyo Shopping season is here, and so is the opportunity for ecommerce site owners to grow their business and generate revenue. In lieu of the changing…