Website Security News
Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages. It didn’t last long. Soon after the publication of that article, the bad actors changed the links to use compromised…
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as updates at the bottom…
Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This seemed suspicious, since no…
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This…
Read More about Cloudflare[.]solutions Keylogger Returns on New Domains
Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this every day in the news now. Everyone seems to…
When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into different locations to increase…
Backdoors are found in 72% of infected websites, according to our latest reports. Backdoors are files left on the server by attackers in order to retain access to your site and…
Read More about Register My Backdoor – Unorthodox Invocation Mechanisms
Since late last year, there has been a steady rise in malware campaigns that aim to steal sensitive personal information and financial credentials. Attackers often insert pieces of malicious code…
Read More about Ecommerce Security – Customer Data Breaches Using Images
We’ve been watching a specific WordPress infection for several months and would like to share details about it. The attacks inject malicious JavaScript code into almost every .js file it…
Read More about WordPress Security – Unwanted Redirects via Infected JavaScript Files
SEO hacks continue to plague websites as attackers abuse SERP rankings for their own gain. The time and effort spent by the website owner creating content, optimizing pages and building…
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012 with this malware, and more…
Read More about vBulletin Used to Show Malicious Advertisements
