WebAssembly (also referred to as Wasm) is a binary instruction format that runs in the browser to enable high-performance applications on web pages and can be executed much faster than traditional JavaScript. WebAssembly can be executed in a variety of Continue reading Cryptominers & WebAssembly in Website Malware
PrestaShop is a popular freemium open source e-commerce platform used by hundreds of thousands of webmasters to sell products and services to website visitors. While PrestaShop’s CMS market share is only 0.8%, it should still come as no surprise that Continue reading PrestaShop Skimmer Concealed in One Page Checkout Module
There’s no one specific topic or target or audience when it comes to website security. But when you clean enough hacked websites, you start to see trends and techniques emerge in the landscape. In my last presentation at WordCamp Europe, Continue reading Security Lessons Learned from 2021
Bitcoin prices are down 60% year to date, trading far from the all-time highs of $69,000 seen last November. Some altcoins have plummeted even farther in value, with digital currencies collapsing in value in the past six months. While we Continue reading Infected WordPress Site Reveals Malicious C&C Script
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious Continue reading SiteCheck Malware Trends Report – Q2 2022
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious Continue reading SiteCheck Malware Trends Report – Q2 2022
WordPress security is serious business – and an essential consideration for anyone using the world’s most popular CMS (Content Management System). While the WordPress team quickly addresses known security issues in WordPress’ core to protect the millions of website owners Continue reading Top 5 Most Common WordPress Malware Infections: An Anatomy Lesson
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve Continue reading Vulnerability & Patch Roundup — June 2022
The AnonymousFox hack targets insecure websites and actively exploits them to spread phishing, spam, and other malware. A major nuisance for website owners, it also happens to be one of the more prevalent types of malware seen on client sites Continue reading How to Find & Clean Up the AnonymousFox Hack
The threat landscape is constantly shifting. As attackers continue to hone their tools and exploit new vulnerabilities, our team works diligently to identify and analyze threats posed to webmasters. So – what do you need to do to stay one Continue reading 2021 Threat Report Webinar
The wp-config file is a powerful core WordPress file that is vital for running your website. It contains important configuration settings for WordPress, including details on where to find the database, login credentials, name and host. This config file is Continue reading Tips for WP-Config & How to Avoid Sensitive Data Exposure
Our story starts like many others told on this blog: A new client came to us with reported cases of credit card theft on their eCommerce website. The website owner had received complaints from several customers who reported bogus transactions Continue reading WooCommerce Credit Card Skimmer Uses Telegram Bot to Exfiltrate Stolen Data
Sure — as a security-minded website owner you’re probably already using a VPN to protect your privacy, managing app permissions to protect your phone, making sure your browser is blocking third party trackers, and enforcing strong passwords for all of Continue reading What is a Scam?
WordPress’ massive market share has come with an unsurprising side effect: As more and more site admins turn to popular plugins like WooCommerce to turn a profit on their website and set up online stores we’ve seen a significant increase Continue reading Smilodon Credit Card Skimming Malware Shifts to WordPress
E-commerce websites are valuable targets for attackers. Bad actors often leverage creative techniques to conceal their credit card stealers and gather sensitive credit card information from online storefronts. A recent investigation for a compromised Magento website revealed a rather interesting Continue reading It Takes 2 Seconds of Silence to Skim a Credit Card
Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive infections don’t go unnoticed by Sucuri and we immediately recognized that the infection in their Continue reading Analysis of the Massive NDSW/NDSX Malware Campaign
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. We’ve compiled a list of some important security updates and vulnerability patches Continue reading Vulnerability & Patch Round-up — May 2022
In today’s post we’re going to be going over the top ten most cumbersome website infections to remove, based on the sheer number of files or database entries that they infected on compromised client sites during 2021. Some website malware Continue reading Top Ten Most Cumbersome Website Infections to Remove in 2021
Magento’s payment provider gateway offers functionalities for site owners to integrate stores with payment service providers. This handy feature lets a website create and handle transactions based on order details and allows for out-of-the-box integrations with payment service providers like Continue reading Credit Card Stealer Targets PsiGate Payment Gateway Software
The number of credit card skimmers targeting WooCommerce websites has skyrocketed over the past year, and threat actors have become increasingly creative in the different ways they obfuscate their payloads to avoid traditional detection. During a recent investigation for an Continue reading Analyzing a WooCommerce Credit Card Skimmer