Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. It also make us a target. Aside from the many, varied denial of service attacks that break against our defenses we also see huge number of phishing campaigns. In this blog post I will dissect a […]
Archive | Security
RSS feed for this sectionMagento Shoplift (SUPEE-5344) Exploits in the Wild
As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it can be exploited to take over a vulnerable Magento site. They have prepared the following video showing a Proof of Concept (PoC) in which they create a fake coupon: That’sRead […]
Contributing back to the security community
This Friday at the RSA Conference in San Francisco, along with Marc Rogers, Principal Security Researcher at CloudFlare, I’m speaking about a version of The Grugq’s PORTAL, an open source network security device designed to make life easier and safer for anyone traveling, especially internationally, with phones, tablets, laptops, and other network-connected devices. Portal uses […]
Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins
Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress. The official WordPress Official Documentation (Codex) for these functions was not very clear and misled many plugin developers toRead […]
Critical Magento Shoplift Vulnerability (SUPEE-5344) – Patch Immediately!
The Magento team released a critical security patch (SUPEE-5344) to address a remote command execution (RCE) vulnerability back in February. It’s been more than two months since the release and still more than 50% of all the Magento installations have not been patched, leaving them open to attacks. This means hundreds of thousands of websites areRead […]
Website Firewall – Critical Microsoft IIS vulnerability (MS15-034)
Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or Remote Code Execution (RCE) on unpatched Windows servers. An attacker only needs to send a specially crafted HTTP request with the right header to exploit it. That’s how serious it is. RCE is usedRead […]
Impacts of a Hack on a Magento Ecommerce Website
Recently we wrote about the impacts of a hacked website and how it is important to give website visitors a safe online experience In this post, I’ll show you how a hacked website results in almost immediate loss of money. We are not talking about drive-by infections that can be prevented by using a goodRead […]
CloudFlare is now a Google Cloud Platform Technology Partner
We’re excited to announce that CloudFlare has just been named a Google Cloud Platform Technology Partner. So what does this mean? Now, Google Cloud Platform customers can experience the best of both worlds—the power and protection of the CloudFlare community along with the flexibility and scalability of Google’s infrastructure. We share many mutual customers with […]
How To Create a Website Backup Strategy
We’ve all heard it million times before – backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-utilized precautions we can take to protect our vital data. Why are backups so important Put simply, a good set of backups can save your website when absolutely everythingRead […]
FBI Public Service Annoucement: Defacements Exploiting WordPress Vulnerabilities
The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited and compromised through WordPress plugin vulnerabilities: Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and […]
