Another sample of a Magento compromise for profit
John Castro We are often seeing malicious code being used to steal credit card details and sensitive information from compromised Magento sites, but this one caught our…
Magento Credit Card Stealer for Braintree Extension
We regularly find and write about malware that steals credit card details from Magento sites because attackers discover new techniques to obtain sensitive data daily.…
WP Mobile Detector Vulnerability Being Exploited in the Wild
Douglas Santos ***Update: The WP Mobile Detector plugin has been patched to address the vulnerability. Please update as soon as possible. Note that the latest version don’t…
Infected websites being used to distributed denial of service attacks
Bruno Zanelato After a website is compromised, it can be misused in multiple ways. We often see it being used on Spam SEO campaigns or to distribute…
Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005
Daniel Cid It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highly…
File Uploader in Drupal Database
Fernando Barbosa It’s very common to see backdoors such as uploaders among site’s files. However, we have seen more often cases where file uploaders, mainly in Drupal…
Security Advisory: Stored XSS in Jetpack
Marc-Alexandre Montpas During regular research audits for our Sucuri Firewall (Cloud WAF), we discovered a stored XSS vulnerability affecting the WordPress Jetpack plugin, currently installed on more…
PCI for SMB: Requirement 1- Install and Maintain a Firewall
Update: Read our new PCI Compliance guide. If you have an ecommerce website, allowing you to accept credit cards on your site, PCI compliance should…
Magento CC stealer adding user’s credentials to the loot
While analyzing a compromised Magento site, we found another Credit Card (CC) stealer variation. We posted a few times about this type of malware, but…
Nulled WordPress Themes: Malvertising and Black Hat SEO
Denis Sinegubko If you have been following our blog for some time, you know that we regularly warn about risks associated with the use of third-party software on…
Credit Card Stealer on OpenCart CMS
Cesar Anjos We have previously analyzed many Credit Card stealers code, specially targeting the Magento platform: Magento Malware Emails Stolen Credit Card Details to Hackers Magento script…