GoDaddy Infosec Archives

WordPress Vulnerability & Patch Roundup April 2024

Sucuri Malware Research Team
April 29, 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…

Read the Post

What is Cookie Hijacking

Cesar Anjos
April 23, 2024

Cookie hijacking involves unauthorized access to cookies, which are small pieces of data stored on your browser by websites you visit. Cookies often contain sensitive…

Read the Post

JavaScript Malware Switches to Server-Side Redirects & Uses DNS TXT Records as TDS

JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS

Denis Sinegubko
April 18, 2024

Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The…

Read the Post

Web shell: Types, Detection & Mitigation

Web Shells: Types, Mitigation & Removal

Cesar Anjos
April 8, 2024

Web shells are malicious scripts that give attackers persistent access to compromised web servers, enabling them to execute commands and control the server remotely. These…

Read the Post

Sign1 Malware: Analysis, Campaign History & Indicators of Compromise

Ben Martin
March 20, 2024

A new client recently came to us reporting seemingly random pop ups occurring on their website. While it was clear that there was something amiss…

Read the Post

From Web3 Drainer to Distributed WordPress Brute Force Attack

Denis Sinegubko
March 5, 2024

Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects…

Read the Post

Angel Drainer - from Phishing Sites to Malicious Injections

Web3 Crypto Malware: Angel Drainer Overview, Variants & Stats

Denis Sinegubko
February 21, 2024

Since January 2024, there has been a notable surge in attacks by a novel form of website malware targeting Web3 and cryptocurrency assets. This malware,…

Read the Post

Thousands of Sites with Popup Builder Compromised by Balada Injector

Denis Sinegubko
January 10, 2024

On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was…

Read the Post

Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign

Denis Sinegubko
December 14, 2023

On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com…

Read the Post

40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager

Denis Sinegubko
December 7, 2023

Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly…

Read the Post

Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins

Denis Sinegubko
October 6, 2023

In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin…

Read the Post