Collaborate Disseminate
The Firewall service deploys various heuristic checks and methods to protect your site. One of our most popular security settings, and questions, utilizes geolocation in order to protect and filter requests made to your site depending on where that us… Continue reading What is Geolocation?
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post.
With a bit of research, we came to the following conclusion: Many of these plugins came from the same… Continue reading Duplicated Vulnerabilities in WordPress Plugins
It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating their malicious code to make it unreadable to the naked eye.
In our recent post we demonstrated how… Continue reading Obfuscated WordPress Malware Dropper
Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database.
The malicious script loads the credit card stealing code from qr201346[.]pw and sends the stolen details to hxxps://gooogleta… Continue reading Web Skimmer with a Domain Name Generator
A vulnerability in the discontinued WordPress theme OneTone has been added to an ongoing campaign that is targeting vulnerable WordPress websites and causes malicious redirects through domains like ischeck[.]xyz.
This specific wave uses the XSS vulner… Continue reading OneTone Vulnerability Leads to JavaScript Cookie Hijacking
When it comes to online gambling spam, first think about fantasies of fame and fortune. Who hasn’t imagined defying the odds at an exotic casino? Splitting a pair of sevens. Going all in on the flop. Your baccarat dealer declaring, La grande! Fo… Continue reading What is online gambling spam and what can I do about it?
While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card swiper injection.
Typically this type of malware targets dedicated ecommerce platforms such as Magento and Prestas… Continue reading Analysis of a WordPress Credit Card Swiper
Last year was a busy one in the world of website security. Our 2019 Threat Research Report shows that over 60% of websites we cleaned had a vulnerability at the point of infection, up 4% over 2018. SEO spam remained a universal threat, while backdoors… Continue reading Top 10 Hacks & Attacks from 2019
If you’re wondering how to find and fix the Japanese keyword hack, get started by identifying a real-life example. First, open Google Translate, and then get the Japanese characters for the search term buy Ralph Lauren. Copy and paste that into … Continue reading How to Find & Fix the Japanese Keyword Hack
In today’s internet age we take our privacy for granted. We sign up for many services which are “free.” We participate in giveaways and generally give out information about ourselves all the time to websites that might not be very re… Continue reading How to Protect Personally Identifiable Information (PII) from Search Engines