From Web3 Drainer to Distributed WordPress Brute Force Attack
Denis Sinegubko Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects…
Browsing Tag
Malware Updates
194 posts
New Wave of SocGholish cid=27x Injections
On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads…
WooCommerce Credit Card Skimmer Uses Telegram Bot to Exfiltrate Stolen Data
Ben Martin Our story starts like many others told on this blog: A new client came to us with reported cases of credit card theft on their…
Smilodon Credit Card Skimming Malware Shifts to WordPress
WordPress’ massive market share has come with an unsurprising side effect: As more and more site admins turn to popular plugins like WooCommerce to turn…
Online Credit Card Theft – A Brief Overview of Online Fraud and Abuse – Part 2
In my previous post about ecommerce credit card swipers I described the general overview of the online ecommerce environment as well as some of the…
Vulnerabilities Digest: June 2020
John Castro Highlights for June 2020 Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of…
Labs Notes Monthly Recap – May/2020
Juliana Lewis In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that…
Labs Notes Monthly Recap – April/2020
In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that…
Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability
Justin Channell Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these…
5 Year Anniversary of the SoakSoak Malware Tsunami
This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software. These days,…
Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection
Fioravante Souza Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these…