Website Security News
MageCart is the name given to the roughly one dozen groups of cyber criminals targeting e-commerce websites with the goal of stealing credit card numbers and selling them on the black market. They remain an ever-growing threat to website owners. We’ve said many times on…
Read More about Magecart Swiper Uses Unorthodox Concatenation
In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the reasons behind why websites become…
Read More about Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2
Many clients that we work with host and operate ecommerce websites which are frequent targets of attackers. The goal of these attacks is to steal credit card details from unsuspecting…
Read More about Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 1
Recently, a client’s customers were receiving a warning from their anti-virus software when they navigated to the checkout page of the client’s ecommerce website. Antivirus software such as Kaspersky and…
Read More about WooCommerce Credit Card Skimmer Hides in Plain Sight
If you haven’t updated your WordPress website since October 2013, this wouldn’t affect you, but we strongly hope that is not the case! There’s a new object injection vulnerability which…
Read More about Object Injection Vulnerability Affects WordPress Versions 3.7 to 5.7.1
Unsurprisingly, as WordPress continues to increase in popularity as an e-commerce platform, attackers continue to attempt to steal credit card information from unsuspecting clients. Currently, the WordPress plugin WooCommerce accounts for roughly a quarter of all online stores. Over recent years,…
Read More about WordPress Continues to Fall Victim to Carding Attacks
Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish…
The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully,…
As much as the web has grown, surprisingly not a lot has changed in how websites get hacked. The most important thing you can do in keeping the web –…
When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human…
Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin level user…
