Impedance mismatch: a hacker’s best friend.

A security application, such as a Web Application Firewall or an Anti-Virus, can be vulnerable to impedance mismatch attacks if it interprets traffic and input differently…

Hackers targeting web hosts customer accounts.

Companies such as web hosts, registrars and CDNs have become a prime target for hackers. Because they host your DNS, hackers can alter them and reroute…

Arbitrary file upload vulnerability in WordPress Delete-All-Comments plugin.

On November 20th, while auditing a hacked WordPress website, we identified a critical vulnerability in the Delete All Comments WordPress plugin v2.0, which has over 30,000…

Latest Joomla! critical vulnerability being actively exploited in the wild.

Joomla! 3.6.4 was released on October 25. It fixed three critical vulnerabilities: CVE-2016-8869, CVE-2016-8870 and CVE-2016-9081. The third one was discovered two days later. Someone published…

Blocking a WordPress XML-RPC attack with the Linux kernel firewall.

One of our customers faced a large attack against his WordPress blog xmlrpc.php script. When I connected to his server, the CPU load was over 100.…