Content Security Policy
Gerson Ruiz As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS)…
Unwanted Ads via Baidu Links
Denis Sinegubko The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were…
Hacked Website Trend Report – 2017
Rianna MacLeod We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the…
Obfuscation Through Legitimate Appearances
Peter Gramantik Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder.…
What is Virtual Hardening?
Juliana Lewis If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers…
GitHub Hosts Infostealers Part 2: Cryptominers and Credit Card Stealers
Update – March 28th, 2018: The fake Flash update files referenced in this post have been moved from GitHub to port.so[.]tl, and the bit.wo[.]tc script…
GitHub Hosts Infostealer
A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered…
Steps to Keep Your Site Clean: Access Points
Celise Davison Unfortunately, most website owners know what it’s like to have a site hacked – the panic, the rush to find anyone out there that can…
Mail from the ‘Boss’ – A Classic Example of a $_POST Mailer Stealing CC Data
Yuliyan Tsvetkov We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily encoded. These…
Intro to Securing an Online Store – Part 2
Victor Santoyo Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out…
The Impacts of Zero-Day Attacks
Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch available to prevent hackers from…