As much as I’d love to, we’re not here to talk about baked goods. Cookies are commonly used on websites and are an essential component of the modern-day internet. However, they can pose a risk to your privacy and personal information. In today’s post we’re going to explore what cookies are, why websites use them, how […]
Archive by Author
WordPress Vulnerability & Patch Roundup December 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
WP-CLI: How to Backup WordPress
Regular website backups are the foundation of a solid website security plan. In the event of data loss or malware infection, restoring a WordPress backup helps you quickly and easily recover your environment and revert it back to its last known good configuration. But what if I told you that there’s a simple and reliable […]
Fake jQuery Domain Redirects Site Visitors to Scam Pages
A recent infection has been making its rounds across vulnerable WordPress sites, detected on over 160 websites so far at the time of writing. The infection is injected at the top of legitimate JavaScript files and executes a script from the following malicious domain: https://jquery0[.]com/JkrJYcvQ At first glance, this domain appears to be legitimate. However, […]
Backdoor Targets FreePBX Asterisk Management Portal
Written in PHP and JavaScript, FreePBX is a web-based open-source GUI that manages Asterisk, a voice over IP and telephony server. This open-source software allows users to build customer phone systems. During a recent investigation, I came across a simple piece of malware targeting FreePBX’s Asterisk Management portal which allowed attackers to arbitrarily add and […]
Input Validation for Website Security
Web forms are incredibly useful tools. They allow you to gather important information about potential clients and site visitors, collect comments and feedback, upload files, subscribe new users to your blog, or even collect payment details. But if your forms aren’t properly validating user inputs, you might be in for a nasty surprise: a variety […]
How to Securely Shop With Your Credit Card: Use a Virtual Card & Check for Skimmers
The convenience and ease of online transactions have drawn a tremendous number of users to online ecommerce storefronts. And during the pandemic, many consumers switched to online purchases in favor of shopping at regular brick-and-mortar shops — leading to further reliance on credit or debit card transactions over cash to complete purchases. However, […]
Infected WordPress Plugins Redirect to Push Notification Scam
Attackers are always finding unique ways to avoid detection. Our teams regularly find malware on compromised websites which has been obfuscated to make it more difficult for webmasters to detect or understand. Obfuscation can take many forms, such as encrypting code or using complex algorithms to hide the true nature of the malicious contents. For […]
Chinese Gambling Spam Targets World Cup Keywords
Since 2018, our team has been tracking an interesting type of website infection where the tag of a hacked website is changed to Chinese text — changes which are clearly seen in the website’s search results and source code. However, when you open the affected website in a JavaScript-enabled web browser, the site operates as […]
WordPress Vulnerability & Patch Roundup November 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]