Website Security News
When attackers shift up their campaigns, change their payload or exfiltration domains, and put some extra effort into hiding their malware it’s usually a telltale sign that they are making some money off of their exploits. One such campaign is the fake CloudFlare DDoS pages…
Read More about New Malware Variants Serve Bogus CloudFlare DDoS Captcha
Bad actors often look for clever ways to boost the rankings and visibility of their spam pages in search. One of the many black hat SEO injections that we regularly…
Read More about Gambling Spam in Visual Composer Raw HTML Element: [vc_raw_html]
There are a plethora of techniques that attackers use to redirect site visitors and harvest sensitive information on compromised websites. But when most webmasters think about securing their website, they…
Read More about What Is Clickjacking and How Do I Prevent It?
When a website is hacked symptoms can sometimes include unexpected, unfamiliar and strangely located favicon or .ico files. Other symptoms might include: ”This site may be hacked” warnings Strange redirects…
Read More about How to Find & Remove Malware in Favicon (.ico) Files
Since 2020 considerable attention has been spent analysing the emergence of MageCart malware within WordPress environments which most commonly affects sites using WooCommerce. As demonstrated in a previous post WordPress…
Read More about Examining Less-Common WordPress Credit Card Skimmers
It’s not uncommon for users to experience “DDoS Protection” pages when casually browsing the web. These DDoS protection pages are typically associated with browser checks performed by WAF/CDN services which…
Read More about Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads
Earlier this June, we shared information about the ongoing NDSW/NDSX malware campaign which has been one of the most common website infections detected and cleaned by our remediation team in…
Read More about SocGholish: 5+ Years of Massive Website Infections
Social media platforms like Instagram and Twitter offer verification badges as a credibility indicator to help show authenticity and integrity to visitors. To obtain a badge, profiles must meet a…
Read More about Fake Instagram Verification & Twitter Badge Phishing
One of the quickest ways for an attacker to harvest financial data, credentials, and sensitive personal information is through phishing. These social engineering attacks can typically be found masquerading as…
Read More about DHL Phishing Page Uses Telegram Bot for Exfiltration
WebAssembly (also referred to as Wasm) is a binary instruction format that runs in the browser to enable high-performance applications on web pages and can be executed much faster than…
Read More about Cryptominers & WebAssembly in Website Malware
PrestaShop is a popular freemium open source e-commerce platform used by hundreds of thousands of webmasters to sell products and services to website visitors. While PrestaShop’s CMS market share is…
Read More about PrestaShop Skimmer Concealed in One Page Checkout Module
