Tag Archives: Website Security

What is Website Monitoring?

Picture this: It’s October 2016, and you’re trying to access your favorite websites – Twitter, Netflix, Spotify – but nothing’s loading. If you can believe it, this wasn’t just a bad day for the internet; it was the result of one of the largest DDoS attacks in history, targeting Dyn, a major DNS provider. Fast […]

Security Tips for Modern Web Administrators

Keeping your website secure is crucial to protecting user data and maintaining trust. Think of your website as a digital vault that needs constant safeguarding against potential threats. By understanding and implementing key security practices, you can significantly reduce the risk of attacks and ensure a safe experience for your users. Let’s break down some […]

SocGholish Malware: What It Is & How to Prevent It

Website malware comes in all shapes and sizes, each with its own unique methods of attack and evasion. One threat making regular headlines is SocGholish, a sophisticated and persistent malware that has been targeting websites for over 7 years. Understanding how SocGholish operates and learning how to protect against it is essential if you want […]

2023 Hacked Website & Malware Threat Report

Education is essential for defending your website against emerging threats. That’s why we are thrilled to share our 2023 Hacked Website & Malware Threat Report. Disseminating this information to the community helps educate website owners about the latest trends and threats. This year, we’ve included new insights to highlight the most prevalent tactics and techniques […]

From Privacy to Exfiltration: Telegram’s Role in Website Malware

Telegram, a name synonymous with secure messaging, has paradoxically become a tool for cybercriminals who abuse the strengths of the platform to target unsuspecting websites. This popular messaging platform, once known for its commitment to user privacy and security, is now being used in ways its creators never intended: a conduit for controlling malware-infected websites. […]

How to Fix the NET::ERR_CERT_DATE_INVALID Error

Encountering the NET::ERR_CERT_DATE_INVALID error can be frustrating, but it’s important to address it promptly to ensure your website remains secure and trustworthy. This error typically indicates an issue with your website’s SSL/TLS certificate, which is essential for encrypting data and ensuring a secure connection between your website and its visitors. When this error occurs, users […]

What is a Zero-Day Vulnerability?

Navigating the world of website security can feel like stepping into a minefield, especially when you have to navigate threats like zero-day vulnerabilities. Zero-days are security flaws that, worryingly, remain hidden from everyone involved — from dev teams and users, to even the most conscientious vulnerability researchers. In this post, we’ll take a look at […]

What is Cookie Hijacking

Cookie hijacking involves unauthorized access to cookies, which are small pieces of data stored on your browser by websites you visit. Cookies often contain sensitive information, including session tokens that authenticate users to a web application. By hijacking these cookies, attackers can impersonate users and gain unauthorized access to private accounts and sensitive data. Given […]

JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS

Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The most interesting thing about that malware was how it used dynamic DNS TXT records of the tracker-cloud[.]com domain to obtain redirect URLs. We’ve been tracking this campaign ever since — […]