Register My Backdoor – Unorthodox Invocation Mechanisms
Denis Sinegubko Backdoors are found in 72% of infected websites, according to our latest reports. Backdoors are files left on the server by attackers in order to retain…
Labs Notes Monthly Recap – June/2017
Estevao Avillez This month, our Malware Research and Incident Response teams wrote about redirects that deliver malware and ads to visitors, as well as a backdoor method…
What is Cross-Site Contamination and How to Prevent it
Tony Perez If you suffer multiple reinfections and your site is one of many in an account, the odds are high that you’re suffering from cross-site contamination.…
Malicious Backdoor Hidden Inside Fake Image
Samuel Odendaal During an incident response investigation, we detected an interesting backdoor that was hidden in a fake image. The attacker was quite creative in creating an…
Code Injection in Signed PHP Archives (Phar)
Jeff Channell PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single…
New Guide on How to Clean a Hacked Drupal Sites
Alycia Mitchell Drupal is an open-source content management system and website builder with a unique structure that allows it to be highly flexible and extendible. For these…
Protecting Phishing Pages via .htaccess
Yuliyan Tsvetkov Phishers usually want to protect their pages from being detected by search engines and security companies. To achieve that, they add .htaccess files that deny…
A Simple Prestashop Login Swiper
Conrado Torquato In a compromised environment, attackers may inject malicious code into different files, including the core of different CMSs, in order to maintain access to the…
Evolution of Conditional Spam Targeting Drupal Sites
Cesar Anjos Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including…
Phishing the Right Phish
Fernando Barbosa Social engineering techniques, like phishing, can be powerful in persuading users into performing specific actions or disclosing confidential information. In these types of scenarios, attackers…
SQL Injection Vulnerability in WP Statistics
John Castro Update 11/3/2017: We are always looking for the latest to be shared with you and now we have released our WordPress Security Guide, were you…