Vulnerabilities Digest: July 2020
John Castro Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Asset CleanUp: Page Speed Authenticated XSS 1.4.6.7 80000 Quiz And Survey Master Authenticated Stored XSS 7.0.0…
Browsing Category
Ecommerce Security
151 posts
Reverse String WooCommerce WordPress Credit Card Swiper
Ben Martin As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential…
Spox Phishing Kit Harvests Chase Bank Credentials
Luke Leal Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page. These…
Pirated WordPress Plugins Bundled with Backdoors
One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials. Although…
Evasion Tactics in Hybrid Credit Card Skimmers
Denis Sinegubko The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to…
WordPress Malware Collects Sensitive WooCommerce Data
During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in…
Vulnerabilities Digest: April 2020
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs Widget Settings Importer/Exporter Stored XSS Closed 40000 Accordion Stored/Reflected XSS 2.2.9 30000 Support Ticket System By…
Web Skimmer With a Domain Name Generator – Follow Up
This note is a follow up to our recent post about a web skimmer that uses a dynamic domain name generating algorithm. This week, analyst…
PinnacleCart Server-Side Skimmers and Backdoors
While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online…
Analysis of a WordPress Credit Card Swiper
While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card…
3-D Secure SMS-OTP Phishing
One of our remediation analysts Eli Trevino recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the…