Website Security News

November 18, 2019Cesar Anjos

Down the Malware Rabbit Hole: Part II

In our last post in this series, we took a look at a code snippet that had been encoded in a very specific way — and hidden 91 layers deep. Today, we’ll reveal how attackers achieve this level of encoding and investigate one of the…

November 14, 2019Peter Kankowski

Mixed Content Warnings in Google Chrome

Migrating your website to HTTPS may seem like a simple task. Get the TLS/SSL certificate, install it on your web server, and you’re done. The real pain for large projects,…

November 13, 2019Krasimir Konov

Malicious Android Application Used in Phishing Scam

While we deal with a lot of phishing cases, we rarely see mobile applications used as part of a phishing campaign—these apps add a layer of complexity to the process…

November 11, 2019Luke Leal

Why Reinfections Happen with a WAF

A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect…

November 9, 2019Denis Sinegubko

Vulnerable Versions of Adminer as a Universal Infection Vector

This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple…

November 7, 2019Denis Sinegubko

Skimmers for Both Magento and WordPress

We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS. When discussing credit card skimmers like Magecart, it’s sometimes overlooked…

November 6, 2019Art Martori

Magento 1 End of Life

It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any ecommerce business. When you consider the popularity of…

Pharma Spam Redirects to .su & .eu Sites

We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy” landing pages selling counterfeit men’s…

October 31, 2019Josh Hammer

Halloween Tales of the IoT Crypt

In the spirit of Halloween, we bring you some of the scariest internet of things (IoT) hacks that we have been made aware of. While this does not really focus…

October 30, 2019Denis Sinegubko

Data URLs and HTML Entities in New WordPress Malware

Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types. Scripts as Data URLs The first type looks pretty similar to…

October 28, 2019Luke Leal

Fake French Police Sextortion Scam

There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be…