Intro to Securing an Online Store
Victor Santoyo Ecommerce websites have one of the most difficult challenges in the web security space – keeping the implicit trust of a customer in order to…
Evil Self-Regenerating WordPress Administrator User
Andrey Kucherov Attackers often aim to conceal their presence using different methods, such as injecting redirect scripts, creating spam pages, or hiding a mailer in checkout pages…
Mining Adminers – Hackers Scan the Internet For DB Scripts
Denis Sinegubko Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same…
Google Warnings For Form Input Over HTTP Coming in October
Tony Perez For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over HTTPS, which…
When Online Shopping leads to Malware download
Ahmad Azizan Idris Recently, during an incident response process, we worked on an interesting Magento website. This site was reported to having a strange redirection when users visited…
Expired Domain Leads to WordPress Plugin Redirects
Krasimir Konov A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen…
Evasion Techniques in Phishing Attacks
Fernando Barbosa We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed…
Small One-liner Backdoor
Samuel Odendaal During an incident response investigation, we detected an interesting backdoor that was small but had the potential to give the attacker full access to your…
Personal Security Guide – iOS/Android
Caleb Lane We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with personal…
JavaScript Used to Generate Malicious Documents
When talking about compromised environments, we often think that the website itself is the end goal but that’s not always true. In some cases, attackers…
Decoding Complex Malware – Step-by-Step
Rodrigo Escobar When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code…