Website Security News
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research, we came to the following conclusion: Many of these plugins came from the same source…
Read More about Duplicated Vulnerabilities in WordPress Plugins
Last year was a busy one in the world of website security. Our 2019 Threat Research Report shows that over 60% of websites we cleaned had a vulnerability at the…
Our team recently found a malicious injection located within a PHP include. The redirect occurs via the include function, which includes a file inconspicuously named license.txt. During our investigation, we…
Read More about Fake License.txt File Loaded Through PHP Include
Our Remediation team analyst Ben Martin recently found a malicious injection in a compromised Magento 1.9.x installation that was stealing Magento user login credentials. The injection was found in the…
Read More about Magento Login Stealer in Fake bg_white.png Image
Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It was being used to capture…
One of our Remediation team analysts, Liam Smith, discovered a malicious file on a client’s compromised WordPress website that demonstrates how attackers can use rudimentary tools to extract specific data…
Read More about Email Scraper: Mass Mail Grabber from Database
There are many different tricks hackers use to make injected spam links invisible to regular visitors. Below is an example employed by one link spam campaign, which primarily promotes porn,…
Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream which…
Lately, we’ve seen quite a few sites with injected spammy links that follow this format: <div style=”position: absolute; opacity: 0.001; z-index: 10; filter: alpha(opacity=0);”> <a href=”https://www.shoesfindoutlet[.]co/”>www.shoesfindoutlet[.]co</a> <a href=”https://www.stepperbest[.]com/”>stepper motor</a> </div>…
The domain en-google-analytic[.]com, currently sinkholed by a security intelligence company, has been observed by our team to be part of a mass spam injection campaign. This attack was active as…
Read More about Spam Injector Masquerading as Google Analytics
During a recent investigation we found this suspicious code pretending to be associated with Bing ads.After further review, we see that the code is actually injecting JavaScript from “js-mini[.]com”.The injected…
