When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims into clicking a link or performing some action. For example, in September 2019 the EU directive PSD2 went into effect (with some parts delayed until the end of 2020). This […]
Tag Archives: passwords
Top 10 Hacks & Attacks from 2019
Last year was a busy one in the world of website security. Our 2019 Threat Research Report shows that over 60% of websites we cleaned had a vulnerability at the point of infection, up 4% over 2018. SEO spam remained a universal threat, while backdoors allowed hackers to reinfect sites recovering from an initial attack. […]
WordPress Database Brute Force and Backdoors
We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress CMS stores most of its settings in a database, attackers […]
3-D Secure SMS-OTP Phishing
One of our remediation analysts, Eli Trevino, recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the victim’s payment method. The phishing page prompts victims to provide their payment details to prevent account lockout. What’s interesting about this phishing page is that it selectively targets victims within […]
Creative Phishing for Digital Gold on RuneScape
RuneScape is an extremely popular massively multiplayer online game. With over 200 million generated accounts, its claim to fame is that it’s one of the largest free MMORPGs ever created. At the time of writing, 1 million in-game gold pieces is valued at around $0.60 USD on the black market. The wealthiest players can […]
6 Simple Steps for Hardening your WordPress Security
Having a secure WordPress site does not need to be a challenge. Hardening a website means adding security layers to reduce the risks of attacks and hacks. 6 Ways to Harden WordPress Security: You can harden your WordPress site by following these six simple steps: 1 – Keep WordPress updated: It is important to keep […]
Password Attacks 101
One of the most common attacks carried out nowadays is related to cracking passwords, but most people probably just know about brute-forcing. There are, in fact, other kinds of attacks around passwords. Let’s take a look at three kinds of password attacks. Brute Force Attacks: Brute forcing in its essence is trying many passwords to […]
Personal Online Security – Account Management
Continuing a series on how to better strengthen your personal online privacy, we are looking to take personal inventory of how we connect online. These were themes covered during our webinar “Security Beyond Your Website: Personal Online Privacy” and in a Twitter conversation (through the #Digiblogchat weekly forum) on this same topic. The first posts […]
How Passwords Get Hacked
How many passwords do you use in a given day? Everything on the internet requires a password. It can be tough to keep track of them all and keep coming up with strong passwords. For proof, listen to the grumblings in most office buildings on the day passwords are set to expire. The disdain for […]
Why Reinfections Happen with a WAF
A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect against threats over HTTP/HTTPS, the website can still be hacked from the inside. Cross-site Contamination: One common way that websites get reinfected is through cross-site […]

