Obfuscated JavaScript Crypto Miner
Samuel Odendaal During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, Crypto Miners were ran on customers visiting the…
RawGit CDN is Abused by CryptoLoot Cryptominers
Denis Sinegubko Recently, we came across another way to use files from GitHub repositories in malware infections. This time the infections weren’t via GitHub.io, raw.githubusercontent.com, or github.com/<user>/<repository>/raw/…
Switching to HTTPS Before It’s Too Late
Krasimir Konov Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displaying a warning that…
How Some OTP Systems Can Be Used to Prank Spam
Luke Leal I recently came across an interesting index.php file and its corresponding directory on a compromised website. I loaded it in a testing environment and immediately…
Browser Extension Bug Leads to Post Injection
Cesar Anjos A few years ago, we saw how a browser extension introduced a threat to serve unwanted ads. Today, the number of browser extensions available to…
Hardening WordPress on Apache, Nginx, or IIS
Alycia Mitchell Server configuration files allow administrators to restrict access and make changes at the server level. Depending on the server software you use, there are different…
Hiding Malware Inside Images on GoogleUserContent
If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its…
Using Innocent roles to hide admin users
All across the internet we find guides and tutorials on how to keep your WordPress site secure, and they all approach the concept of user…
Persistent Malicious Redirect Variants
Peter Gramantik It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to…
WordPress Update – 4.9.7 Security & Maintenance Release
Marc-Alexandre Montpas The WordPress team has just released a critical security and maintenance update to resolve a number of bugs and security issues. Included in this release…
CoinImp Cryptominer and Fully Qualified Domain Names
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. “www.example.com”, where “www”…