Best WordPress Hosting
 

New Guide: How to Protect Your Website from Phishing

There are many threats that can harm your website and your users, but one of the most dangerous is phishing. Phishing is a method used by bad actors to trick people into giving up their personal information. This can lead…

Detecting and Mitigating a Phishing Threat: “Greatness”

Emerging in 2022, a phishing tool known as Greatness has caught the attention of our research team due to its coordinated efforts to breach Microsoft 365 accounts and presence on compromised websites. More disturbingly, it has shown effectiveness against multi-factor…

Vulnerability & Patch Roundup January 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve…

How to Find, Change & Protect the WordPress Login URL: A Beginner’s Guide

If you’ve recently launched a WordPress website, you might be asking, “How do I log in to WordPress?” or “Where is my WordPress login located?” Don’t worry — you’re not alone, and these are essential questions to ask. Understanding where…

Fixing Website Hosting Issues: “This Account Has Been Suspended”

Experiencing a “This account has been suspended” warning on your website can be both confusing and alarming. This message means that your hosting provider has put your site on a temporary hold. The reasons for an account suspension can range…

The Dangers of Lateral Movement & Website Cross Contamination

One of the most frequent problems that we observe in website hosting environments is “cross contamination” — the lateral movement of an attacker between websites. Cross-site contamination occurs when a site is infected by neighboring sites within the same hosting…

Thousands of Sites with Popup Builder Compromised by Balada Injector

On December 11, 2023, WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installations) that was fixed in version 4.2.3. A couple of days later, on December 13th, the Balada Injector…

WordPress Vulnerability & Patch Roundup December 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve…

MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer

One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus administrator user. It was also found injecting sophisticated credit card skimming JavaScript into the website’s…

Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign 

On December 1, 2023, several security researchers reported a new phishing campaign targeting WordPress administrators. WordPress site owners had started receiving emails from WordPress.com with the following message: “The WordPress Security Team has discovered a Remove Code Execution (RCE)…

Critical RCE Vulnerability Patched in Backup Migration Plugin

On December 6th, 2023, the WordPress plugin Backup Migration received a critical security patch for a remote code execution vulnerability. Details were released five days later after users were given an opportunity to install the patch, although the official CVE…

WPScan Intro: How to Scan for WordPress Vulnerabilities

In this post, we will look at how to use WPScan as a WordPress vulnerability scanner. This security tool provides you with a better understanding of your WordPress website and any vulnerabilities that may be present in your environment. It…

40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager

Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly trusted domain googletagmanager.com. In order to create a new container and abuse Google Tag Manager,…

Skimming Credit Cards with WebSockets

If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with the same songs played on repeat that we hear every year ad nauseam. However, the…