Global CyberSecurity
Using assert() to Execute Malware in PHP 7 Environments
Post Views: 649 Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the ...
Global CyberSecurity
Persistent WordPress User Injection
Post Views: 722 Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress. The ...
Global CyberSecurity
Magento Multiversion (1.x/2.x) Backdoor
Post Views: 932 The Magento 1 EOL date has already passed, however it’s evident that a large number of websites will continue to ...
Global CyberSecurity
COVID-19 Chloroquine Pharmaspam
Post Views: 670 A recent SiteCheck scan of an organization’s website showed an interesting pharmacy spam injection targeting COVID-19-related pages of websites. The ...
Global CyberSecurity
CDN-Filestore Credit Card Stealer for Magento
Post Views: 686 During a website remediation, we recently discovered a new version of a Magento credit card stealer which sends all compromised ...
Global CyberSecurity
Web Crawler & User Agent Blocking Techniques
Post Views: 793 This is a simple script that allows hackers to block specific crawlers based upon website requests from specific user-agents. This ...
Global CyberSecurity
Smoker Backdoor: Evasion Techniques in Webshell Backdoors
Post Views: 829 “Smoker Backdoor” is a PHP webshell backdoor that uses hexadecimal and decimal obfuscation in conjunction with the PHP function goto ...