A few weeks ago we wrote about compromised websites being used to attack your web routers at home by changing DNS settings. In that scenario the attackers embedded iFrames to do the heavy lifting, the short fall with this method is they require a website to inject the iFrame. As is often the case, tactics […]
Archive | Security
RSS feed for this sectionDrupal SQL Injection Attempts in the Wild
Less than 48 hours ago, the Drupal team released an update (version 7.32) for a serious security vulnerability (SQL injection) that affected all versions of Drupal 7.x. In our last post, we talked about the vulnerability and that we expected to see attacks starting very soon due to how severe and easy it was to […]
Highly Critical SQL Injection Vulnerability Patched in Drupal Core
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely by non-authenticated users and was classified as “Highly Critical” by the Drupal Security team. More information is available in their public advisory: Posted by Drupal Security Team on October 15, […]
Vulnerability Disclosed in SSL 3.0 – This Poodle Bites
It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online Security Blog. While SSL 3.0 has already been around for almost 15 years, it’s still being used throughout the Web, and nearly every browser supports it. The key point though, […]
WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability
The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to the vulnerable site. This issue was disclosed months ago, the MailPoet team patched it promptly. It though as many are still not getting the word, or blatantly not updating, because we are seeing […]
Website Attacks – SQL Injection And The Threat They Present
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a SQL Injection (SQLi). Some might know what a SQL Injection (SQLi) attack looks like, but assuming you don’t, it’s an attack that leverages an injection […]
Phishing with help from Compromised WordPress Sites
We get thousands of spam and phishing emails daily. We use good spam filters (along with Gmail) and that greatly reduces the noise in our inbox. Today though, one slipped through the crack and showed up in my personal inbox: As I went to mark the email as Spam, I decided to hover over the […]
Website Security: A Case of SEO Poisoning
There are so many ways your website can be co-opted by hackers for many different reasons, targeting the value created via your SEO is highly attractive. It provides an attacker the opportunity to cheat the system by quickly benefiting from your raw traffic, your audience. In this post we will share details of a recent […]
Joomla! 3.3.5 Released – Fixing High Priority Security Issues
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is an Remote File Include (RFI) vulnerability and the second one is a Denial of Service (DoS) vulnerability that affect all previous versions. If you are using Joomla, stop what you are doing and update it now! What’s very […]
Bash – ShellShocker – Attacks Increase in the Wild – Day 1
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a few scans looking for vulnerable servers. Our Website Firewall (CloudProxy) had already virtually patched the vulnerability via it’s Zero Day response mechanism. This allowed us to to create sinkholes to […]
