Website Security News
When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human victim to authorize a fraudulent transaction to bypass existing security controls that would normally be…
It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download…
We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our…
Read More about Real-Time Phishing Kit Targets Brazilian Central Bank
We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly updated in an attempt to…
Read More about ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis
This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable…
Read More about CSS-JS Steganography in Fake Flash Player Update Malware
During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a…
Read More about Magento Phishing Leverages JavaScript For Exfiltration
PHP hack tools are created and used by attackers to help automate frequent or tedious tasks. During a recent investigation, we came across a hack tool used to simplify the…
Employees at companies of all sizes can be targets of phishing attacks, but certain corporations or industries can be more valuable to an attacker than others. For instance, employees at…
Read More about Phishing Page Targets AT&T’s Employee Multi-Factor Authentication
Email will continue to be the dominant mode of digital communication for the foreseeable future. However, the email framework was not designed with security in mind. There still are security…
Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page. These kits are typically bundled in…
Read More about Spox Phishing Kit Harvests Chase Bank Credentials
Imagine a lonely person who’s looking for romantic companionship, so they turn to the internet. Picture someone who’s terribly anxious for news about an online payment that will ease their…
