The Hidden PHP Malware that Reinfects Cleaned Files

Website reinfections are a serious problem for website owners, and it can often be difficult to determine the cause behind the reinfection — especially if you lack access to necessary logs, which is usually the case for shared hosting services.
Some o…

phpbash – A Terminal Emulator Web Shell

It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI generally makes the tool easier to use — and certainly more visually appealing than just raw text.
One …

DoJ Indicts Two Hackers for Defacing Websites with Pro-Iran Messages

The two hackers allegedly hacked more than 50 websites hosted in the U.S. and vandalized them with pro-Iran messages.

Missing DMARC Records Lead to Phishing

Email will continue to be the dominant mode of digital communication for the foreseeable future. However, the email framework was not designed with security in mind. There still are security flaws that bad actors regularly exploit to their advantage.

WordPress Malware Disables Security Plugins to Avoid Detection

An alarm or monitoring system is a great tool that can be used to improve the security of a home or website, but what if an attacker can easily disable it?
I’ve previously written about malware that reverses security hardening measures enacted either …

Reflected XSS in WordPress Plugin Admin Pages

The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has the required permissions to do all of the action…

Using assert() to Execute Malware in PHP 7 Environments

Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x, making it an incredibly popular scripting language — which is likely why att…

Magecart Credit-Card Skimmer Adds Telegram as C2 Channel

In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.

Why and How are Enterprise Companies, Like eBay, Actively Port-scanning End-users’ Computers From Their Websites

You might have recently heard that eBay is performing port scanning, while online shoppers are visiting their website. At first glance, it will probably sound a bit strange, as port scanning is an internal network action. As such, it is designed to det…