website security – Page 8 – WindowsTechs.com

COVID-19 Chloroquine Pharmaspam

Posted on August 20, 2020 by Luke Leal

A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The HTML that was flagged by our SiteCheck signature, spam-seo.hidden_content?100.2, shows why the pharmac… Continue reading COVID-19 Chloroquine Pharmaspam→

CDN-Filestore Credit Card Stealer for Magento

Posted on August 18, 2020 by Krasimir Konov

During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised data to the malicious domain cdn-filestore[dot]com. My colleague Luke Leal originally wrote about this malware in a blog po… Continue reading CDN-Filestore Credit Card Stealer for Magento→

Web Crawler & User Agent Blocking Techniques

Posted on August 14, 2020 by Luke Leal

This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This is useful when you don’t want certain traffic from being able to load certain content – usually a phishing page or a mal… Continue reading Web Crawler & User Agent Blocking Techniques→

Smoker Backdoor: Evasion Techniques in Webshell Backdoors

Posted on August 13, 2020 by Luke Leal

“Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto to evade detection from malware scanners.
The hexadecimal/decimal obfuscation is clear to see when viewing the file’s … Continue reading Smoker Backdoor: Evasion Techniques in Webshell Backdoors→

Accelerating web security for a global retailer

Posted on August 13, 2020 by Deepika Gajaria, Senior Director, Product Management

Tala’s Cloudflare-certified integration module makes deploying enterprise-grade web security easy.
The post Accelerating web security for a global retailer appeared first on Security Boulevard.
Continue reading Accelerating web security for a global retailer→

New Features: Introducing iFrame Sandboxing and Feature Policy

Posted on August 11, 2020 by Deepika Gajaria, Senior Director, Product Management

Web integrations and rich user experience present cybercriminals with an ever-expanding surface to attack. Key new features in Tala’s solution will broaden your defenses.
The post New Features: Introducing iFrame Sandboxing and Feature Polic… Continue reading New Features: Introducing iFrame Sandboxing and Feature Policy→

PHP Binary Downloader

Posted on August 7, 2020 by Luke Leal

When possible, an attacker will want to avoid using specific functions in their PHP code that they know are more likely to be flagged by a scanner. Some examples of suspicious functions commonly detected include system and file_put_contents.
In this m… Continue reading PHP Binary Downloader→

PHP Backdoor Obfuscated One Liner

Posted on August 5, 2020 by Luke Leal

In the past, I have explained how small one line PHP backdoors use obfuscation and strings of code in HTTP requests to pass attacker’s commands to backdoors. Today, I’ll highlight another similar injection example and describe some of the … Continue reading PHP Backdoor Obfuscated One Liner→

Vulnerabilities Digest: July 2020

Posted on August 3, 2020 by John Castro

Relevant Plugins and Vulnerabilities:
PluginVulnerabilityPatched VersionInstalls
Asset CleanUp: Page Speed
Authenticated XSS
1.4.6.7
80000
Quiz And Survey Master
Authenticated Stored XSS
7.0.0
30000
Comments – wpDiscuz 7.0.0 –
Arbitrary Fi… Continue reading Vulnerabilities Digest: July 2020→

SEO Hacktool: Sitemap Generator

Posted on July 30, 2020 by Luke Leal

An XML sitemap is an important part of a website’s SEO and exists to help search engine crawlers index new URLs on your website. For example, if a site has a large number of pages that were recently updated and the owner wants Google to index th… Continue reading SEO Hacktool: Sitemap Generator→