Revslider, a widely-used WordPress plugin, has come under scrutiny due to a security vulnerability found in its config.php file. This exposure raises concerns for site owners using vulnerable versions of this plugin. It's crucial to understand the risks associated with this vulnerability and the necessary steps to protect your website. Nature of the Vulnerability The […]

Malware injection remains a significant threat to websites and applications globally. This article discusses what malware injection is, how it occurs, and best practices for prevention. What is Malware Injection? Malware injection is a technique used by cybercriminals to insert malicious code into a legitimate program or a website. This code can exploit vulnerabilities in […]

Revslider, a widely-used WordPress plugin, has come under scrutiny due to a security vulnerability found in its config.php file. This exposure raises concerns for site owners using vulnerable versions of this plugin. It's crucial to understand the risks associated with this vulnerability and the necessary steps to protect your website. Nature of the Vulnerability The […]

Malware injection remains a significant threat to websites and applications globally. This article discusses what malware injection is, how it occurs, and best practices for prevention. What is Malware Injection? Malware injection is a technique used by cybercriminals to insert malicious code into a legitimate program or a website. This code can exploit vulnerabilities in […]

As you know, recently we’ve released multiple security patches for the Drupalgeddon vulnerabilities. The last one was Drupal Remote Code Execution - SA-CORE-2018-004, CVE-2018-7602, patched only 2 days after it was first discovered. We’re very proud of our quick reaction time and would like to share some statistics with you about the attacks that were […]

Where it all began Kevin David Mitnick is one of the most famous hackers. At age 13 Mitnick used dumpster dicing and social engineering to bypass the bus ticketing system in Los Angeles, this way he was able to ride the LA area using unused transfer slips. First big step His first unauthorized access to […]

By now, you are likely aware that on May 25, 2018, a new data privacy law introduced in Europe called the General Data Protection Regulation (GDPR) will go into effect. GDPR govern how businesses collect, use and share personal data and it allows individuals to exercise their legal rights. Of course, we have taken the […]

People can never rest. We thought that after the last serious Drupal vulnerablity finally we can rest, but a new threat came up which is including GPON routers made by Dasan. GPON is a type of Passive Optical Network (PON) used to provide fiber connections. It is being used to provide short haul fiber connections […]

Third critical Drupal vulnerability discovered!!! Those who are running a Drupal website couldn’t have a rest over the past few weeks. This is the third time when Drupal recommends to update these sites. During exploring the previous remote code execution (RCE) vulnerability, the CVE-2018-7600, the team discovered a new RCE vulnerability (CVE-2018-7602). If  you or […]

Our team has attended the CloudFest back in March where during the security panel we have attended a presentation about the importance of security by design an important thing in terms of responsibility and suggested OWASP as a standard to start with. In this blog post we would like to show, why it is important […]

CloudFest 2018 – The Security Panel Attending at Cloudfest (formerly known as WHD.Global) is always the highlight of the year event-wise. Catching up with our partners, having lively debates about new technologies and learning from industry leaders are things we always go for. As our ninjas attended in incognito this time – only as attendees, […]

The beta version of WAF 2.0 is performing much better than we expected. The feedback we’ve been receiving about it is truly fascinating. More and more people are realizing just how powerful this module is. It’s already – effectively protecting – hundreds of servers against SQL injections, XSS attacks, command injections, directory traversal, data leakage and […]

2 days ago, a serious vulnerability, SA-CORE-2018-002 (CVE-2018-7600) has been found in Drupal 6, 7 and 8, which affects over one million websites. All the unpatched Drupals are in serious danger! An attacker can upload backdoors or malware via this newly discovered vulnerability. The vulnerability is scored 21/25 Highly Critical! Details of the vulnerability: This […]

Web applications typically use authentication mechanisms to prevent unauthorized users from accessing protected resources. However, attackers often search for weaknesses in these systems, with username enumeration being a common method to identify valid usernames in a system. This article will discuss various ways to identify valid usernames on any WordPress website, along with tips to […]

MySQL is the world's second most widely used relational database management system (RDBMS) and the most widely used open-source RDBMS. Its popularity makes it a target for cybercriminals, leading to numerous brute-force attack tools readily available on the Internet. What is a Brute-Force Attack? A brute-force attack is a method used by attackers to gain […]

SQL Injection is a type of attack aimed at exploiting vulnerabilities in an application's software. Attackers insert malicious SQL code into input fields, which the application executes against its database. This can lead to unauthorized access to sensitive information, data loss, or even complete system compromise. Recent Vulnerability Overview One significant SQL injection vulnerability has […]