24/7/365 access to a team of world-class, certified ethical hackers to repair and harden your website.
😱 Since Sunday, October 25, 2020, many US and French sites have been victims of cyber attacks to spread fundamentalist propaganda in a very tense diplomatic context… 🤨 ⚡️SECURELI.com provides an IMMEDIATE response TO PROTECT YOU from these attacks: 🎯 🎁 If your site is a victim of this attack: FREE REPAIR (100€ HT => …
Continue reading “SECURELI.com responds to ISIS attacks against French and US sites”
OctoberCMS is a CMS similar to WordPress, but with much less “fluff”. Our team identified the latest version of OctoberCMS relying on Bootstrap 3.3.7, jQuery 1.11.1, and jQuery 3.3.1. All of these dependencies are vulnerable. /october/themes/demo/assets/vendor/bootstrap.js ↳ bootstrap 3.3.7 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and data-title properties of …
Continue reading “OctoberCMS Web Application Open Source Dependency Vulnerability”
WordPress is a platform super popular for hackers, as it powers ~70% of the websites online. The most common way they are hacked are due to outdated core versions of WordPress, insecure plugins, and insecure themes. We decided to create a script that would allow us to quickly identify if a website was vulnerable to …
“Hacker101 is a free class for web security. Whether you’re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.” https://github.com/tidave85/hacker101 suffers from the following open source dependency vulnerabilities. /hacker101/assets/javascript/bootstrap/bootstrap.bundle.min.js ↳ bootstrap 4.1.0 has known vulnerabilities: severity: high; issue: 28236, summary: XSS in data-template, data-content and …
Continue reading “Hacker101 jQuery Dependency Vulnerability”
https://github.com/Saamyy/kotlin suffers from the following open source dependency vulnerabilities, relying on an outdated version of jQuery. /kotlin/libraries/examples/browser-example/src/js/jquery.js ↳ jquery 1.6.2 has known vulnerabilities: severity: medium; CVE: CVE-2011-4969, summary: XSS with location.hash; https://nvd.nist.gov/vuln/detail/CVE-2011-4969 http://research.insecurelabs.org/jquery/test/ https://bugs.jquery.com/ticket/9521 severity: medium; CVE: CVE-2012-6708, bug: 11290, summary: Selector interpreted as HTML; http://bugs.jquery.com/ticket/11290 https://nvd.nist.gov/vuln/detail/CVE-2012-6708 http://research.insecurelabs.org/jquery/test/ severity: medium; issue: 2432, summary: 3rd party …
Continue reading “Kotlin v1.3.60 Programming Language Vulnerability”
The hardest challenges are the ones that constantly change. Malicious website software has recently seen an influx in self-replicating, polymorphous code that infects a website (and thus, web server) with remote code execution access to launch additional attacks and compromise the data on the breached website and server. In a recent incident, we cleaned a …
Continue reading “Self Replicating, Polymorphic Website Malware”
Maybe your client’s site got hacked, it’s time for a security checkup, or you’re tired of telemarketers terrorizing your phone lines with the vulnerabilities sales pitch. Despite the hype, the threat is real. WordPress makes up 90% of hacked CMS sites, reports ZDNet the CBS-owned technology news site. It’s doubly dangerous when your client’s business …
Continue reading “3 Ways to Prepare for WordPress Website Malware in 2020”
Your Guide to Hacked WordPress Repair If you run a website, you have to be prepared for the reality that it could be hacked at some point. Dealing with a hacked website can be stressful, and when it’s a WordPress site specifically, it can be even more frustrating because repairs won’t be the same as …
Continue reading “Your DIY Guide to Hacked WordPress Repair”
Hacked Website Repair: What You Should Know If your website is hacked, you may find yourself in a situation where you aren’t sure what to do or who to call. The good news is that there is no need to panic. Help is available and there are even some things that you can do yourself …
Continue reading “Hacked Website Repair: What You Should Know”
When a plain-text password form field is found by Google Chrome, it will reveal all passwords on that primary domain. For example, take a look at the following code and screenshot: <input class=”form-control secure_password required password fs-hide” data-install-name=”secureli” id=”ftp_user_pass_new” required=”required” aria-required=”true” autocomplete=”new-password” type=”text” name=”ftp_user[pass]”> By checking the “Show Password” button, as shown below… …the auto-complete …
Continue reading “Password Leak – Version 76.0.3809.132 (Official Build) (64-bit)”
