Website Security News
In the last few months, we noticed an increase in attacks targeting ecommerce platforms aiming to steal credit card information. We saw a similar rise last year after the summer ended, and believe that trend will continue now that the holiday season is quickly approaching….
Read More about Ecommerce Security: Fake Jquery Used as CC Scraper
Website hackers are always changing tactics and borrowing ideas from each other. One of the challenges of website security is staying on top of those threats as they evolve. We…
Nov 2016 Update: If your Joomla or WordPress website is infected, check out our new, free, DIY guides to clean your site and prevent reinfection. Read the Joomla Guide Read…
Read More about jQuery.min.php Malware Affects Thousands of Websites
We recently investigated some random redirects on a WordPress website that would only happen to certain visitors. Traffic analysis showed us that it was not a server-side redirect, rather it…
Read More about Fake jQuery Scripts in Nulled WordPress Plugins
Google blacklisted a client’s website claiming that malicious content was being displayed from “forogozoropoto(dot)2waky (dot)com”. A scan didn’t reveal anything suspicious. The next step was to check all third-party scripts…
Read More about The Dangers of Hosted Scripts – Hacked jQuery Timers
A few days ago we posted in our Labs notes about a Fake jQuery website that is distributing malware. The domain was properly chosen to confuse the end-users ( jquery-framework.com…
Read More about Careful With Fake jQuery Website – jquery-framework. com
This just in, hot off the press, careful with the jQuery libraries you’re using on your websites. We received word from @chris_olbekson via Twitter about some hacks being reported on…
Read More about Fake jQuery Website Serving Redirection Malware
Weekly (kinda daily) malware update. You can track all our updates by following our malware_updates category. *If your site has been affected with any of these issues, contact us at…
Read More about Jquery4html.co.cc – Malware update – Fake AV Redirections
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as updates at the bottom…
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating unwanted pop-up/pop-unders. Whenever a visitor…
Read More about Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This…
Read More about Cloudflare[.]solutions Keylogger Returns on New Domains
