Website Security News
MalwareBytes recently shared some information about web skimmers that store malicious code inside real .ico files. During a routine investigation, we detected a similar issue. Instead of targeting .ico files, however, attackers chose to inject content into real .png files — both on compromised sites…
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version Installs Elementor Page Builder Authenticated…
The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by…
Read More about Evasion Tactics in Hybrid Credit Card Skimmers
Relevant Plugins and Vulnerabilities: Plugin Vulnerability Patched Version Installs WP Product Review Unauthenticated Stored XSS 3.7.6 40000 Form Maker by 10Web Authenticated SQL Injection — 100000 Add-on SweetAlert Contact Form…
During an investigation, we identified a WordPress login stealer using the PHP functions curl and file_get_contents. The malicious code was injected into the core file wp-login.php to intercept the information…
This note is a follow up to our recent post about a web skimmer that uses a dynamic domain name generating algorithm. This week, analyst Ben Martin found another variation…
Read More about Web Skimmer With a Domain Name Generator – Follow Up
It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating their malicious code to make…
Our security analyst Moe Obaid recently found yet another variation of a web skimmer script injected into a Magento database. The malicious script loads the credit card stealing code from…
We’re constantly seeing news about computers being infected by ransomware, but very little do we hear about it affecting websites. That being said, the impact can be serious if the…
Read More about Analyzing & Decrypting L4NC34’s Simple Ransomware
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities…
Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye. The malicious domain was abusing the URL shortener service is.gd:…
Read More about Another Fake Google Domain: fonts.googlesapi.com
