Compromised OpenCart Payment Module Steals Credit Card Information
Ben Martin Today’s story starts much the same as many others on this blog: A new client came to us reporting that credit card details were being…
Critical Security Update for Magento Open Source & Adobe Commerce
Last week on August 8th, 2023, Adobe released a critical security patch for Adobe Commerce and the Magento Open Source CMS. The patch provides fixes…
From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail
Denis Sinegubko A vast majority of website malware employ the ever-familiar HTTP/HTTPS protocols for its malicious activities. But, we also periodically confront more interesting hybrid malware leveraging…
SiteCheck Remote Website Scanner — Mid-Year 2023 Report
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide…
WordPress Vulnerability & Patch Roundup July 2023
Cesar Anjos Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes…
Abandoned US Congressional Website Used in Asian Gambling Spam Infection
Website owners and developers tend to buy a lot of domains. With different projects on the go and working with multiple different clients at any…
How to Scan a Website for Vulnerabilities
Rianna MacLeod Even the most diligent site owners should consider when they had their last website security check. As our own research indicates, infections resulting from known…
How to Recognize & Avoid Phishing Emails: A Cautionary Tale
Matt Morrow We’ve all received spam and phishing emails — our inboxes are often full of them. They let us know that our package is being delivered…
Massive Google Colaboratory Abuse: Gambling and Subscription Scam
This investigation started with a small and quite simple piece of PHP malware found on a hacked website. We located the following PHP code, responsible…
Malicious Injection Redirects Traffic via Parked Domain
Puja Srivastava During a recent investigation, our malware remediation team encountered a variant of a common malware injection that has been active since at least 2017. The…
How to Harden WordPress: A Basic Overview
Out-of-the-box security configurations tend to not be very secure. This is usually true for all software and WordPress is no exception. Best practices suggest you…