Since January 2024, there has been a notable surge in attacks by a novel form of website malware targeting Web3 and cryptocurrency assets. This malware, spread across multiple campaigns, uses crypto drainers to steal and redistribute assets from compromised wallets. The strategy involves either injecting drainers directly into compromised websites or redirecting site visitors to […]
Remote Access Trojan (RAT): Types, Mitigation & Removal
Remote Access Trojans (RATs) are a serious threat capable of giving attackers control over infected systems. This malware stealthily enters systems (often disguised as legitimate software or by exploiting a vulnerability in the system) and opens backdoors for attackers to perform a wide range of malicious activities on the victim’s computer. This blog post is […]
What is DDoSing
Nowadays, the term DDoS — or Distributed Denial of Service — raises the heart rate of most webmasters. Though many don’t know exactly what DDoSing is, they might be familiar with the effects of getting DDoSed: an extremely sluggish, dysfunctional, or entirely shut down website. In this article, we’ll define DDoSing, discuss the most common […]
New Guide: How to Protect Your Website from Phishing
There are many threats that can harm your website and your users, but one of the most dangerous is phishing. Phishing is a method used by bad actors to trick people into giving up their personal information. This can lead to identity theft, financial loss, and damage to your website’s reputation. To help you understand […]
Detecting and Mitigating a Phishing Threat: “Greatness”
Emerging in 2022, a phishing tool known as Greatness has caught the attention of our research team due to its coordinated efforts to breach Microsoft 365 accounts and presence on compromised websites. More disturbingly, it has shown effectiveness against multi-factor authentication (MFA), elevating the potential threat level. Identified as a Phishing as a Service (PhaaS) […]
Vulnerability & Patch Roundup January 2024
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
How to Find, Change & Protect the WordPress Login URL: A Beginner’s Guide
If you’ve recently launched a WordPress website, you might be asking, “How do I log in to WordPress?” or “Where is my WordPress login located?” Don’t worry — you’re not alone, and these are essential questions to ask. Understanding where to find your WordPress login URL and how to use it is a fundamental part […]
Fixing Website Hosting Issues: “This Account Has Been Suspended”
Experiencing a “This account has been suspended” warning on your website can be both confusing and alarming. This message means that your hosting provider has put your site on a temporary hold. The reasons for an account suspension can range from malware infections and spam content, excessive resource usage, unpaid web hosting bills, or policy […]
The Dangers of Lateral Movement & Website Cross Contamination
One of the most frequent problems that we observe in website hosting environments is “cross contamination” — the lateral movement of an attacker between websites. Cross-site contamination occurs when a site is infected by neighboring sites within the same hosting environment due to poor isolation on the server or account configuration. In this post we […]
Thousands of Sites with Popup Builder Compromised by Balada Injector
On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was fixed in version 4.2.3. A couple of days later, on December 13th, the Balada Injector campaign started infecting websites with older versions of the Popup Builder. The attack used a […]
