Category Archives 911 Hack Removal

Cross Site Scripting XSS - Astra Security

Cross-Site Scripting (XSS) attacks are regarded as one of the most rampant yet easily fixable injection attacks faced by e-commerce businesses and a variety of other web applications. From applications built on archaic web technologies to newer ones using rich, client-side UIs, XSS has plagued them all. However, it is imperative to realize that vulnerabilities posing as a…

Magento-Module-XSS-AffiliatePlus-GetAstra.com

A couple of weeks ago, we were performing a security scan for a customer using a Magento shop. While auditing their website, our team found a critical vulnerability in the Affiliate Plus module. According to Affiliate Plus' website, 7000+ stores use the extension. This Affiliate Plus Magento module XSS vulnerability leaves a number of Magento stores vulnerable. About Affiliate Plus Magento Module XSS When logged…

Lately, Magento has been in the news owing to frequent, notorious attacks on its payment security system. In a recent case, credit card scrapers targeted the payment security system of Magento stores in order to steal credit card information. Consequently, Magento has been wary of vulnerabilities in its system and in a prudent attempt, regularly releases security patches as…

User data of Uber, Fitbit, OkCupid, 1Password and other leading companies was at risk for weeks due to a critical Cloudflare vulnerability. The 'Cloudbleed Bug' was caused by servers running past the end of a buffer and returning memory containing private information. Something similar was seen in the Heartbleed bug reported in 2014. The vulnerability was reported by Google security researcher Tavis Ormandy. Graham-Cumming, CTO…

John Carlin, chief of the National Security Division at the United States Department of Justice, talked about web security shortcomings in US elections and how European elections could be tampered with through various hacking attempts. Several members of the Democratic Party, including various Obama administration officials, have criticized the U.S. response to hacking during the elections last year. Servers of democratic party…

A critical privilege injection vulnerability has been reported in WordPress 4.70 and 4.71. The vulnerability allows an unauthenticated hacker to modify the content of a page/post on a WordPress site. The vulnerability was found in the REST API added by WordPress in one of its recent releases. As soon as the vulnerability was discovered, the WordPress security team worked on the patch and…
