Thanks to the rapid growth of JavaScript frameworks such as Angular, Vue, and React, CORS has become a popular word in the developer’s vocabulary. When requesting information from an external source such as an API (a pretty common practice for…
On this week’s episode of Think Like a Hacker, we chat about the cross-site request forgery (CSRF) vulnerability found in the Child Theme Creator by Orbisius and how attackers could use a vulnerability like this with spearphishing to wreak havoc,…
Shopping season is here, and so is the opportunity for ecommerce site owners to grow their business and generate revenue. In lieu of the changing global ecommerce climate that this pandemic has produced, comes the importance of securing your website…
October is National Cyber Security Awareness Month, and we’re back with analyst Antony Garand to take a deeper look into cross site scripting (XSS) attacks and WordPress plugin vulnerabilities. Plus, host Justin Channell will catch you up on the latest…
During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a Magento phishing page, but nevertheless it successfully loads a legitimate…
On September 9, 2020, our Threat Intelligence team discovered a vulnerability in Child Theme Creator by Orbisius, a WordPress plugin installed on over 30,000 sites. This flaw gave attackers the ability to forge requests on behalf of an administrator in…
During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following line of HTML: <meta http-equiv=’refresh’ content=’2;url=https://youtu.be/fsqzjDAO2Ug’> This technique works because it’s possible to use HTML…
The responsibility of ensuring that a website is protected falls on the website owner, but the security expectation may fall on the web service provider too. As a professional, you are the trusted party and first point of contact. Much…