Ben Martin

102 posts

Ben Martin is a security analyst and researcher who joined the company in 2013. Ben's main responsibilities include finding new undetected malware, identifying trends in the website security world, and, of course, cleaning websites. His professional experience covers more than a decade of working with infected websites of every variety with a special focus on eCommerce / credit card theft malware. When Ben isn't slaying malware you might find him producing music, gardening, or skateboarding around Victoria.

Server Side Data Exfiltration via Telegram API

Vulnerable Plugin Exploited in Spam Redirect Campaign

Ben Martin
July 21, 2021

Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file…

Read the Post

An Overview of Basic WordPress Hardening

Ben Martin
July 14, 2021

We have discussed in the past how out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress…

Read the Post

Magecart Swiper Uses Unorthodox Concatenation

Ben Martin
July 7, 2021

MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers…

Read the Post

Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2

Ben Martin
June 30, 2021

In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the…

Read the Post

Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 1

Ben Martin
June 23, 2021

Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal…

Read the Post

Malicious Redirects Through Bogus Plugin

Ben Martin
June 17, 2021

Recently we have been seeing a rash of WordPress website compromises with attackers abusing the plugin upload functionality in the wp-admin dashboard to redirect visitors…

Read the Post

WooCommerce Credit Card Swiper Hides in Plain Sight

WooCommerce Credit Card Skimmer Hides in Plain Sight

Ben Martin
May 28, 2021

Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus…

Read the Post

Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1

Ben Martin
May 17, 2021

If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a…

Read the Post

Server Side Scans and File Integrity Monitoring

What is File Integrity Monitoring (FIM)?

Ben Martin
May 13, 2021

What is file integrity monitoring? File Integrity Monitoring (FIM) is a security measure that checks and compares files against a known baseline to detect any…

Read the Post

WordPress Continues to Fall Victim to Carding Attacks

Ben Martin
April 14, 2021

Unsurprisingly, as WordPress continues to increase in popularity as an e-commerce platform, attackers continue to attempt to steal credit card information from unsuspecting clients. Currently, the WordPress plugin WooCommerce accounts for roughly a quarter of all…

Read the Post

Bogus CSS Injection Leads to Stolen Credit Card Details

Ben Martin
January 5, 2021

A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost…

Read the Post