Website Security News
We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress…
Read More about WordPress Database Brute Force and Backdoors
Our malware analyst Liam Smith recently found malware on a client’s site that targets ecommerce sites powered by AmeriCommerce software. A popular ecommerce software solution that allows users to run…
With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November…
Read More about Black Friday/Cyber Monday Ecommerce Security Threats
A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This vulnerability is extremely severe. It…
If you have an ecommerce website, you are certainly concerned about its security. Business revenue depends on your online presence and having a website compromise is far from desirable. In…
The final actor of the stolen payment data supply chain is the end user. Rather than just selling or reselling payment data, the end user plans on fraudulently monetizing it….
Read More about Stolen Payment Data: Infected Ecommerce Website to Darknet Markets
These days, the majority of store owners opt-in for the easiest closed-source ecommerce platform options. For the most part, these platforms typically allow users to customize a template, as well…
Read More about Closed Source E-commerce Platforms Can Be Compromised
We have recently published posts regarding banking malware and some of the ways it uses compromised websites to infect victim’s devices (smartphones, computers, POS terminals). Now let us look into…
Read More about How Stolen Ecommerce Data is Sold on the Darknet
Due to the poor handling of a vulnerability disclosure, a new attack vector has appeared for the WooCommerce Checkout Manager WordPress plugin and is affecting over 60,000 sites. If you…
Read More about Insufficient Privilege Validation in WooCommerce Checkout Manager
We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g redirected traffic, cryptomining). This…
Read More about Malware Campaigns Sharing Network Resources: r00ts.ninja
This is the last post in our series on E-commerce Security: Intro to Securing an Online Store – Part 1 Intro to Securing an Online Store – Part 2 Today,…
Read More about E-Commerce Security – Planning for Disasters
