Channel: Sucuri Blog
Browsing all 65 articles

CloudProxy + SPDY = A Faster Website

Our CloudProxy Firewall already protects and speeds load times for 1,000s of websites. Now, it’ll be even faster. We’re happy to announce that we just added support for SPDY (pronounced speedy) across...


New Brute Force Attacks Exploiting XMLRPC in WordPress

This post is available in Spanish (Este post está disponible en español). Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is...


Quick Analysis of a DDoS Attack Using SSDP

This post is available in Spanish (Este post está disponible en español). Last week, one of our many clients came under an interesting attack. Enough that it was flagged for human intervention. The...


Anatomy of 2,000 Compromised Web Servers used in DDoS Attack

This post is available in Spanish (Este post está disponible en español). One of our clients was being attacked by a layer-7 DDoS attack for more than a week. The attack was generating around 5,000...


Bash – ShellShocker – Attacks Increase in the Wild – Day 1

The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a few scans looking for vulnerable servers....


Website Attacks – SQL Injection And The Threat They Present

We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a SQL Injection (SQLi). Some might know what a...


Vulnerability Disclosed in SSL 3.0 – This Poodle Bites

It seems that SSL just cannot stay out of the news. Another vulnerability, this time in SSL 3.0, has been disclosed at the Google Online Security Blog. While SSL 3.0 has already been around for almost...


Highly Critical SQL Injection Vulnerability Patched in Drupal Core

The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely by non-authenticated users and was classified...



Drupal SQL Injection Attempts in the Wild

Update (2014/10/29): The Drupal team just released a Public Service Announcement, confirming what we are seeing (mass compromise of Drupal sites). We’ve released a new post with recovery information if...



Drupal Warns – Every Drupal 7 Website was Compromised Unless Patched

The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch their sites immediately. Today the Drupal team released...


Security Advisory – High severity – WP-Statistics WordPress Plugin

Advisory for: WordPress WP-Statistics Plugin Security Risk: High (DREAD score : 7/10) Exploitation level: Easy/Remote Vulnerability: Stored XSS which executes on the administration panel. Patched...


Protecting Against Unknown Software Vulnerabilities

Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs to be found. Some of these bugs can have security implications. These are known...


WP Symposium – Zero Day Vulnerability Dangers

Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing in the wild. This specific vulnerability was...


Critical Microsoft IIS vulnerability Leads to RCE (MS15-034)

Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or Remote Code Execution (RCE) on unpatched...


Security Advisory: Object Injection Vulnerability in WooCommerce

Security Risk: Dangerous Exploitation Level: Easy/Remote DREAD Score: 8/10 Vulnerability: Object Injection Patched Version:  2.3.11 During a routine audit for our WAF, we discovered a dangerous Object...


Malicious Google Analytics Referral Spam

Robots (bots) have outnumbered people on the Internet for almost two years, and they browse much faster than your average visitor. Aside from spamming your comment systems and crawling for vulnerable...
