Malicious Redirects from NewShareCounts.com Tweet Counter

When Twitter announced their new design for “Tweet” and “follow” buttons back in October 2015, marketers across the web developed a mild anxiety—the new design came with a decision to nuke their beloved Tweet count feature. Social signals can be a huge credibility indicator for visitors and site content. Who doesn’t think there’s a psychological More Info »

Security Monitoring Saves the Day

For the second week of  National Cyber Security Awareness Month, we would like to focus on a very important part in having a good website security posture: monitoring. How can security monitoring save your day? Most people only care about their website security after something bad has already happened. However, how can you tell when More Info »

Obfuscated JavaScript Cryptominer

During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out that cryptominers were running on visitor’s computers when they accessed our customer’s website. We have previously discussed how cryptomining can happen in many covert ways. In this post, we will show you how a malicious code More Info »

OWASP Top 10 Security Risks – Part I

It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a series of post on the OWASP top 10 security risks. OWASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and More Info »

October Cybersecurity Month

Since 2003, October has been recognized as National Cybersecurity Awareness Month. It is an annual campaign to raise awareness about the importance of cybersecurity and being a better digital citizen. October has just started and a majority of security companies are promoting internet security. With the holidays fast approaching, it is a crucial time for More Info »

PCI for SMB: Requirement 7 & 8 – Implement Strong Access Control Measures

This is the fifth post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We are halfway there! In the previous articles about PCI, we covered the following: Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data. More Info »

SSL vs. Website Security

Having a website today is way easier than it was 10 or 15 years ago. Tools like content management systems (CMS), website builders, static site generators and alike remove a lot of the friction around building and maintaining sites. But, is there a price for such convenience? I would dare to say that one of More Info »

Backdoor Uses Paste Site to Host Payload

Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A backdoor is a piece of malware that attackers leave behind to allow them access back into a website. Hackers like to inject code into different locations to More Info »