VPN: A Key to Securing an Online Work Environment
Marc Kranat The current COVID-19 epidemic is changing the way people work, rapidly moving to working remotely as I have done for 20 years. I am providing…
Assemble the Cookies
Luke Leal When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these…
Tiny WSO Webshell Loader
A PHP webshell is a common tool found on compromised environments. Attackers use webshells as backdoors, allowing them to maintain unauthorized access to a hacked…
Free Sucuri WAF for Medical & Social Services
Chase Watts During the COVID-19 pandemic, there is concern about health systems worldwide. Many people in isolation or self-quarantine are looking for accurate medical information online on…
Reflected XSS in Cookiebot Administrative Page
Antony Garand A reflected XSS vulnerability has recently been found in the Cookiebot plugin plugin, impacting a user base of over 40k installs. Versions prior to 3.6.1…
Safe Browsing During a Pandemic: How to Spot COVID-19 Phishing Campaigns
Justin Channell Online bad actors tend to take advantage of tragedy for their own gain – and the coronavirus is no different. While we would hope that…
Tips for New Remote Workers
Juliana Lewis With the new pandemic hovering over our heads, the main piece of advice from most countries is stay home. Working remotely is a new reality…
Extract Function Backdoor Variant
We recently found malware on a client’s WordPress site that was using a variant of a backdoor that we previously covered back in 2014. The…
Reflected XSS in Advanced Ads Admin Dashboard
A patch for a vulnerability in the Advanced Ads plugin has been released. Prior to version 1.17.4, attackers were able to exploit two reflected XSS…
2020 Website Security Glossary
Art Martori As the online threat landscape continues to evolve, so too does the language we use to describe it. To support a safer internet for everyone,…
Innocent Defacement
Cesar Anjos When we talk about defacements, we’re usually referring to attacks leading to a visual takeover of a website’s page ― consider it a form of…