Remote Access Trojans (RATs) are a serious threat capable of giving attackers control over infected systems. This malware stealthily enters systems (often disguised as legitimate software or by exploiting a vulnerability in the system) and opens backdoors for attackers to perform a wide range of malicious activities on the victim’s computer. This blog post is […]
Tag Archives: Website Security
What is DDoSing
Nowadays, the term DDoS — or Distributed Denial of Service — raises the heart rate of most webmasters. Though many don’t know exactly what DDoSing is, they might be familiar with the effects of getting DDoSed: an extremely sluggish, dysfunctional, or entirely shut down website. In this article, we’ll define DDoSing, discuss the most common […]
New Guide: How to Protect Your Website from Phishing
There are many threats that can harm your website and your users, but one of the most dangerous is phishing. Phishing is a method used by bad actors to trick people into giving up their personal information. This can lead to identity theft, financial loss, and damage to your website’s reputation. To help you understand […]
Detecting and Mitigating a Phishing Threat: “Greatness”
Emerging in 2022, a phishing tool known as Greatness has caught the attention of our research team due to its coordinated efforts to breach Microsoft 365 accounts and presence on compromised websites. More disturbingly, it has shown effectiveness against multi-factor authentication (MFA), elevating the potential threat level. Identified as a Phishing as a Service (PhaaS) […]
Fixing Website Hosting Issues: “This Account Has Been Suspended”
Experiencing a “This account has been suspended” warning on your website can be both confusing and alarming. This message means that your hosting provider has put your site on a temporary hold. The reasons for an account suspension can range from malware infections and spam content, excessive resource usage, unpaid web hosting bills, or policy […]
The Dangers of Lateral Movement & Website Cross Contamination
One of the most frequent problems that we observe in website hosting environments is “cross contamination” — the lateral movement of an attacker between websites. Cross-site contamination occurs when a site is infected by neighboring sites within the same hosting environment due to poor isolation on the server or account configuration. In this post we […]
What is the Principle of Least Privilege?
If you own a website and collaborate with other people, the Principle of Least Privilege (PoLP) is a crucial security concept which has applications and benefits to strengthen your website security posture. Let’s dive in! Contents: Definition PoLP & Website Security Example of Principle of Least Privilege Default WordPress User Roles How PoLP Affects Websites […]
How to Stop a DDoS Attack in 5 Steps
As a webmaster, keeping your site online during large traffic spikes is what you strive for. But how can you be sure traffic spikes are legitimate? And more importantly, how do you react when they aren’t? The unfortunate reality is DDoS attacks can be a threat for websites big and small. In this post, we’ll […]
New Guide: Broken Access Control
The complexity of modern websites exposes countless potential vulnerabilities to lurking attackers. One of the most underestimated threats? Broken Access Control (BAC). The risk lies within the very machinations of your website — the systems managing who can interact with what. When correctly set, they keep unauthorized users out; when broken… Well, let’s not give […]
What is a Content Security Policy (CSP)
It’s always a good idea to be aware of the security issues that might affect your site. For example, cross-site scripting (XSS) attacks consist of injecting malicious client-side scripts into a website and using the site as a propagation method for other malicious behavior. XSS attacks are possible because browsers trust all requests that come […]
