Website Security News
In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials. That is why we have reported on a credit card stealer reinfector of Magento websites in one of our…
After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: Massive #Drupal infection that redirects to…
After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These malicious pieces of code are a valuable tool for…
Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages. It didn’t last long. Soon…
Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This seemed suspicious, since no…
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the WordPress keylogger from Cloudflare[.]solutions. This…
Read More about Cloudflare[.]solutions Keylogger Returns on New Domains
Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack that also used GitHub for…
Read More about Malicious Website Cryptominers from GitHub. Part 2.
Update Dec. 8 2017: The cloudflare[.]solutions domain has now been taken down. A few weeks ago, we wrote about a massive WordPress infection that injected an obfuscated script pretending to be…
Read More about Cloudflare[.]Solutions Keylogger on Thousands of Infected WordPress Sites
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised sites without the consent of…
Over the summer, we’ve seen waves of WordPress database infections that use vulnerabilities in tagDiv’s Newspaper/Newsmag themes or InterconnectIT Search and Replace scripts (searchreplacedb2.php). The injections range from ad scripts…
Read More about Old Themes, Abandoned Scripts and Pitfalls of Cleaning Serialized Data
Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible…
Read More about Mining Adminers – Hackers Scan the Internet For DB Scripts
