Website Security News
This is the last post in our series on E-commerce Security: Intro to Securing an Online Store – Part 1 Intro to Securing an Online Store – Part 2 Today, let’s expand on some of the suggestions made during a webinar I hosted recently about steps…
Read More about E-Commerce Security – Planning for Disasters
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software:…
Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a peculiar JavaScript injection…
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks like this: The email’s appearance…
Read More about WordPress Database Upgrade Phishing Campaign
In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part of a good website posture….
Read More about How to Improve Your Website Security Posture – Part II
This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites. When redirected, users see annoying pages with random utroro[.]com addresses and fake reCAPTCHA…
Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc URL shortener, a fake plugin…
Read More about Fake Plugins with Popuplink.js Redirect to Scam Sites
Have you ever wondered if your website security posture is adequate enough? The risk of having a website compromise is never going to be zero. However, as a webmaster, you…
Read More about How to Improve Your Website Security Posture – Part I
Recently, we came across another way to use files from GitHub repositories in malware infections. This time the infections weren’t via GitHub.io, raw.githubusercontent.com, or github.com/<user>/<repository>/raw/ URLs. The new trick involved…
Read More about RawGit CDN is Abused by CryptoLoot Cryptominers
A few years ago, we saw how a browser extension introduced a threat to serve unwanted ads. Today, the number of browser extensions available to users has grown, along with…
Read More about Browser Extension Bug Leads to Post Injection
If you have been following our blog for a long time, you might remember us writing about malware that used EXIF data to hide its code. This technique is still…
Read More about Hiding Malware Inside Images on GoogleUserContent
