Malicious Redirections on Disabled Sites
Cesar Anjos It’s quite common for attackers to compromise your website and make use of it for their phishing campaigns. The most typical method they use is…
Backdoor abusing of PHP tricks
Fernando Barbosa During an incident response process, we found a very interesting malicious code abusing some PHP tricks. Attackers placed the malware at the end of a…
Credentials Stealer on Prestashop
Conrado Torquato In a matter of hours, a big e-commerce website can have hundreds of credit card numbers stolen and used by attackers on other websites around…
Backdoors abusing of spaces
Lately we’ve seen more backdoors that have some specific characteristics, like using several spaces between the code and processing information coming from POST requests. Attackers…
Accounting for Defense in Depth in Website Security
Tony Perez In the field of Information Security (InfoSec) we like to use the phrase defense in depth. Like many things, it is a borrowed term with…
Session Stealer Script on OpenCart CMS
Bruno Zanelato With so many open-source ecommerce platforms available in the market, creating an online shop is as easy as ABC. In less than five minutes you…
Magento Credit Card Swiper Exports to Image
Ben Martin Over the past year we have seen a rash of credit card swipers in Magento and other ecommerce-based websites. In fact, we have been finding…
WP Marketplace Attack in the Wild
Denis Sinegubko A few days ago, colleagues from White Fir Design disclosed an arbitrary file upload vulnerability in the WP Marketplace plugin and helped remove it from…
Security Through Confusion – The FUD Factor
Daniel Cid The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty, and doubt (FUD) and…
Ask Sucuri: Is My Website Hacked?
Having your website hacked can be a devastating experience for any website owner. Unfortunately, many website owners rarely know they are infected until days, if…
Mage.js CC Stealer. The Database Version.
Yuliyan Tsvetkov Every day we find many Magento credit card stealers injected into different files: modules, core files, themes. Magento database is not an an exception. For…