Website Security News
Bad actors often leverage creative techniques to conceal malicious behaviour and harvest sensitive information from ecommerce websites. A recent investigation for a compromised Magento 2 website revealed a malicious injection that was capturing POST request data from site visitors. Located on the checkout page, it…
Read More about Magento 2 PHP Credit Card Skimmer Saves to JPG
During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post. With a bit of research,…
Read More about Duplicated Vulnerabilities in WordPress Plugins
Last year was a busy one in the world of website security. Our 2019 Threat Research Report shows that over 60% of websites we cleaned had a vulnerability at the…
Our team recently found a malicious injection located within a PHP include. The redirect occurs via the include function, which includes a file inconspicuously named license.txt. During our investigation, we…
Read More about Fake License.txt File Loaded Through PHP Include
Our Remediation team analyst Ben Martin recently found a malicious injection in a compromised Magento 1.9.x installation that was stealing Magento user login credentials. The injection was found in the…
Read More about Magento Login Stealer in Fake bg_white.png Image
Our Remediation team lead Ben Martin recently discovered a single line obfuscated PHP injection in the main index.php file of a Magento 1.9.x website. It was being used to capture…
One of our Remediation team analysts, Liam Smith, discovered a malicious file on a client’s compromised WordPress website that demonstrates how attackers can use rudimentary tools to extract specific data…
Read More about Email Scraper: Mass Mail Grabber from Database
There are many different tricks hackers use to make injected spam links invisible to regular visitors. Below is an example employed by one link spam campaign, which primarily promotes porn,…
Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream which…
Lately, we’ve seen quite a few sites with injected spammy links that follow this format: <div style=”position: absolute; opacity: 0.001; z-index: 10; filter: alpha(opacity=0);”> <a href=”https://www.shoesfindoutlet[.]co/”>www.shoesfindoutlet[.]co</a> <a href=”https://www.stepperbest[.]com/”>stepper motor</a> </div>…
The domain en-google-analytic[.]com, currently sinkholed by a security intelligence company, has been observed by our team to be part of a mass spam injection campaign. This attack was active as…
Read More about Spam Injector Masquerading as Google Analytics
