Tag Archives: Website Security

Understanding Zero-Day Vulnerabilities & Attacks

In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as: The team maintaining the project The users of the project Vulnerability researchers Vulnerability researchers are the good guys – people who won’t take advantage of the vulnerability for their own gain More Info »

Wikipedia Page Review Reveals Minr Malware

Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the tag). This code is generated by the well-known JJEncode obfuscator, which was once quite popular for encrypting malicious code. Since its popularity dwindled a few years ago, we’ve hardly seen More Info »

Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins

On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor clicks anywhere on an infected web page, they are served questionable ads. Plugin Location The malicious plugins possess a very similar file structure: Injectbody wp-content/plugins/injectbody/ More Info »

Why Attackers Hack Small Sites

You would never leave the front door to your house wide open when you’re not home would you? Doing so would allow criminals to seize the opportunity of stealing your valuables. That’s the same way you can look at website hacking. Leaving your website unprotected is like establishing an open-door policy with hackers, giving them More Info »

Hacked Websites Mine Cryptocurrencies

Cryptocurrencies are all the rage now. Bitcoin, altcoins, blockchain, ICO, mining farms, skyrocketing exchange rates – you see or hear this everyday in news now. Everyone seems to be trying to jump on this bandwagon. This trend resulted in emergence of online platforms that allow webmasters to install coin miners into their websites as an More Info »

Creating a Basic Website Security Framework

When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions secure. But what happens if you ignore proper building codes and inspections? The resulting risks to health and security are unacceptable. The same concept applies to how you secure your websites More Info »

Affiliate Cookie Stuffing in iFrames

Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside an HTML page and can be really useful for embedding interactive applications like Google maps, advertisements and ecommerce applications. iFrame elements are also popular with website attackers because it allows More Info »