Website Security News
Our Senior Malware Engineer, Fioravante Cavallari, is at it again. I think he has made it his personal mission in life to expel all Joomla hacks, he loves them that much – true story.. 😉 In all seriousness, he found another gem yesterday. It’s well…
Read More about Website Malware – Fixing Joomla SPAM Hacks – Conditional Payloads
The AnonymousFox hack targets insecure websites and actively exploits them to spread phishing, spam, and other malware. A major nuisance for website owners, it also happens to be one of…
Read More about How to Find & Clean Up the AnonymousFox Hack
The number of credit card skimmers targeting WooCommerce websites has skyrocketed over the past year, and threat actors have become increasingly creative in the different ways they obfuscate their payloads…
Our 2021 Website Threat Research Report details our findings and analysis of emerging and ongoing trends and threats in the website security landscape. We’ve put together this analysis to help…
One of the more common infections that we see are site-wide redirects to spam and scam sites, achieved by attackers exploiting newly found vulnerabilities in popular WordPress plugins. If you’ve…
Read More about Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign
On Sunday, February 13th, Adobe pushed an emergency update to their Magento2 ecommerce software patching a critical unauthenticated remote code execution vulnerability. It is marked as CVE-2022-24086 with a CVSS…
Read More about Adobe Patches Critical RCE Vulnerability in Magento2
The holidays are always a busy time for ecommerce stores. Dealing with an influx of Christmas shoppers, holiday sales and inventory, shipping, and at times, also hackers. Today’s investigation starts…
Read More about WooCommerce Skimmer Uses Fake Fonts and Favicon to Steal CC Details
Security researchers at Automattic recently reported that the popular WordPress plugin and theme authors AccessPress were compromised and their software replaced with backdoored versions. The compromise appears to have taken…
Read More about AccessPress Themes Hit With Targeted Supply Chain Attack
Cryptocurrency mining malware is typically a stealthy malware that farms the resources on a system (computers, smartphones, and other electronic devices connected to the internet) to generate revenue for the…
Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by…
Read More about Analysis of a Phishing Kit (that targets Chase Bank)
During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by…
