Three days ago the ImageMagic (also known as, ImageTragick) vulnerability was released to the world. We’ve been actively monitoring this vulnerability, and have … [Read more...]
Hacked Websites Redirect to Porn from PDF / DOC Links
We write a lot about various blackhat SEO hacks on this blog and most of you are already familiar with such things as doorways, cloaking and SEO poisoning. This … [Read more...]
WordPress Sites Leveraged in Layer 7 DDoS Campaigns
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March … [Read more...]
Analyzing Proxy Based Spam Networks
We are no strangers to Blackhat SEO techniques, we’ve actually spent a great deal of time working and sharing various bits of information related to Blackhat … [Read more...]
WordPress Brute Force Attacks – 2015 Threat Landscape
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A co-worker set … [Read more...]
Malicious Google Search Console Verifications
This past summer we noticed a trend of more and more Blackhat SEO hacks trying to verify additional accounts as owners of compromised sites in Google Search … [Read more...]
Analyzing Popular Layer 7 Application DDoS Attacks
Distributed Denial of Service (DDoS) attacks have been a major concern for website owners for a while. All types of sites, from small to big, have been taken … [Read more...]
FunWebProducts UserAgent Bloating Traffic
Every once in a while we get a case that makes us dig deep to find answers. We have spoken before about the trouble with forensics and reasons why websites get … [Read more...]
Common Website Security Terminology Defined
If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabilities … [Read more...]
JetPack and TwentyFifteen Vulnerable to DOM-based XSS
Any WordPress Plugin or theme that leverages the genericons package is vulnerable to a DOM-based Cross-Site Scripting (XSS) vulnerability due to an insecure … [Read more...]