5 Types of Hackers & Why They Hack
Pilar Garcia When considering why hackers are attacking websites, you might think that there’s a specific reason they target you as a website owner—your business, your reputation,…
Browsing Category
Website Security
1026 posts
Multistage WordPress Redirect Kit
Ben Martin Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware…
Analysis of a Phishing Kit (that targets Chase Bank)
Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials…
How Passwords Get Hacked
Joe Larson Can you think of an online service that doesn’t require a password? Everything on the internet requires a password. However, constantly creating and remembering new…
7 Ways to Secure Magento 1
Matt Morrow While unpatched installations of Magento 2 contain many vulnerabilities, I’m going to focus my attention on Magento 1 for this article. This is because Magento…
A Short History of Essay Spam (How We Got from Pills to Plagiarism)
From answering beginner questions like ‘What is SEO spam?’ to breaking down the spammers’ code and exactly how they hide their injections in compromised websites,…
Adobe Patches Critical Magento Vulnerabilities in Recent Update
Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of…
Best Practices for Web Form Security
David Zomaya Web form security — the set of tools and practices intended to protect web forms from attacks and abuse — is one of the most…
Examining Unique Magento Backdoors
Liam Smith During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution…
Stylish Magento Card Stealer loads Without Script Tags
Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using…
Vulnerable Plugin Exploited in Spam Redirect Campaign
Some weeks ago a critical unauthenticated privilege escalation vulnerability was discovered in old, unpatched versions of the wp-user-avatar plugin. It also allows for arbitrary file…