While we deal with a lot of phishing cases, we rarely see mobile applications used as part of a phishing campaign—these apps add a layer of complexity to the process which deters some bad actors from incorporating into their attack. To launch a successful phish with a mobile application, bad actors first need to figure […]
Tag Archives: Website Security
Why Reinfections Happen with a WAF
A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect against threats over HTTP/HTTPS, the website can still be hacked from the inside. Cross-site Contamination One common way that websites get reinfected is through cross-site […]
Vulnerable Versions of Adminer as a Universal Infection Vector
This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we’ve been following for the past few years, where site visitors are redirected […]
Pharma Spam Redirects to .su & .eu Sites
We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy” landing pages selling counterfeit men’s health pills from various .su and .eu top level domains. Spammy Redirect File Names & Contents These SEO infections usually come in the form of […]
Halloween Tales of the IoT Crypt
In the spirit of Halloween, we bring you some of the scariest internet of things (IoT) hacks that we have been made aware of. While this does not really focus on website security, it is still an interesting topic when you think about cybersecurity as a whole. Watching over a Baby The first spooky tale […]
Data URLs and HTML Entities in New WordPress Malware
Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types. Scripts as Data URLs The first type looks pretty similar to what we discussed in our recent post. However, instead of placing the code between the … tags, these injections have begun to embed them inline […]
Fake French Police Sextortion Scam
There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be used to deliver the blackmail threat to the victim. Blackmail Attempts for Bitcoin Payments The majority of these sextortion scam emails follow a similar template, […]
Throwback Threat Thursday: JCE Vulnerability
Despite WordPress’ market share completely overshadowing other CMS’, Joomla (previously known as Mambo) has still managed to retain its position as the second most popular CMS. In fact, even with a decreasing market share in the overall CMS landscape, there are still well over a million live websites using Joomla to manage their digital content. […]
NIST Cybersecurity Framework
The United States National Institute of Standards and Technology (NIST) has created a framework for improving critical infrastructure cybersecurity, referred to as the NIST Cybersecurity Framework. The main objective of this framework is to offer organizations a list of items for assessing and enhancing their capacity for preventing, detecting and responding to cyberattacks. According to […]
Personal Online Privacy – Connecting Online
When California passed an online privacy law that will take effect on Jan. 1, 2020, it made me think about a user’s responsibility when it comes to how we engage online. As online privacy starts to become a larger discussion, it’s important we take personal invexntory of: How are we connecting online? How can we […]
