Archive by Author

Websites Hacked Via Website Backups

Over the past few months we’ve been spending a good deal of time talking about backups. This is for good reason: they are often your safety net when things go wrong. Interestingly enough, though, they are often the forgotten pillar of security. It’s why we spent some time thinking through what a good backup strategy might […]

10 Tips to Improve Your Website Security

In recent years there has been a proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!, Drupal and so many others allow business owners to quickly and efficiently build their online presences. Their highly extensible architectures and rich plugin, module, and extension ecosystems have made it easier than […]

Security Advisory: Object Injection Vulnerability in WooCommerce

Security Risk: Dangerous
Exploitation Level: Easy/Remote
DREAD Score: 8/10
Vulnerability: Object Injection
Patched Version: 2.3.11

During a routine audit for our WAF, we discovered a dangerous Object Injection vulnerability which could, in certain contexts, be used by an attacker to download any file on the vulnerable server. Are you at risk? The vulnerability is only […]

SweetCAPTCHA Service used to Distribute Adware

SweetCaptcha is a free CAPTCHA service that offers to match sweet-looking images instead of making you recognize distorted digits and characters. It has integration with many website platforms: pure PHP, WordPress (10,000+ plugin installs), Drupal, Joomla, ModX, .NET, JavaScript, and even offers an API that can be used on other platforms. So far so good. Malicious […]

Your Website Hacked but No Signs of Infection

Imagine for a moment, you have a suspicion that you have somehow been hacked. You see that something is off, but you feel as if you are missing something. This is the emotionally draining world that many live in, with a paranoia and concern that grips you once you see and recognize that something is not right. […]

Introducing Free Global Website Performance Tool

We are happy to launch a new free tool (aka Global Website Performance Tester) that allows anyone to quickly check how fast a website is loading from across the globe. We extract three key metrics that are critical to the performance of any website: connection time, time to first byte (TTFB) and total load time: […]

Fake jQuery Scripts in Nulled WordPress Plugins

We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not a server-side redirect, rather it happened due to some script loaded by the web pages. A quick look through the HTML code revealed this script: It was very suspicious for […]

Website Security – How Do Websites Get Hacked?

In 2014 the total number of websites on the internet reached 1 billion; today it’s hovering somewhere in the neighborhood of 944 million due to websites going inactive, and it is expected to normalize again at 1 billion sometime in 2015. Let’s take a moment to absorb that number. Another surprising statistic is […]

How Social Media Blacklisting Happens

In today’s world, we are all browsing websites online and sharing content on a multitude of social media platforms every day. Worldwide social media users exceeded 2 billion back in August 2014, with an adoption rate unlike anything we have seen in history. Social media continues to grow around the world, with active user accounts […]

JetPack and TwentyFifteen Vulnerable to DOM-based XSS – Millions of WordPress Websites Affected

Any WordPress plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure file included with genericons. So far, the JetPack plugin (reported to have over 1 million active installs) and the TwentyFifteen theme (installed by default) are found to be vulnerable. The exact count […]