Website Security News
A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This vulnerability is extremely severe. It allows any website visitors to run PHP code and shell commands on the site’s underlying…
If you have an ecommerce website, you are certainly concerned about its security. Business revenue depends on your online presence and having a website compromise is far from desirable. In…
The final actor of the stolen payment data supply chain is the end user. Rather than just selling or reselling payment data, the end user plans on fraudulently monetizing it….
Read More about Stolen Payment Data: Infected Ecommerce Website to Darknet Markets
These days, the majority of store owners opt-in for the easiest closed-source ecommerce platform options. For the most part, these platforms typically allow users to customize a template, as well…
Read More about Closed Source E-commerce Platforms Can Be Compromised
We have recently published posts regarding banking malware and some of the ways it uses compromised websites to infect victim’s devices (smartphones, computers, POS terminals). Now let us look into…
Read More about How Stolen Ecommerce Data is Sold on the Darknet
Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60,000 sites. If you…
Read More about Insufficient Privilege Validation in WooCommerce Checkout Manager
We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g redirected traffic, cryptomining). This…
Read More about Malware Campaigns Sharing Network Resources: r00ts.ninja
This is the last post in our series on E-commerce Security: Intro to Securing an Online Store – Part 1 Intro to Securing an Online Store – Part 2 Today,…
Read More about E-Commerce Security – Planning for Disasters
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software:…
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL Injection vulnerability affecting the YITH WooCommerce Wishlist plugin for WordPress. This plugin allows visitors and…
Read More about SQLi Vulnerability in YITH WooCommerce Wishlist
Shopping season is here, and with that, so is the opportunity for ecommerce site owners to grow their revenue and reputation. However, hackers are also busy infecting ecommerce websites with…
Read More about Risks For E-commerce Site Owners Through the Holidays
