In recent months, we have encountered a number of cases where attackers inject malware into website software that allows for custom or miscellaneous code — for example, the miscellaneous scripts area of the Magento admin panel, or WordPress plugins such Continue reading Credit Card Skimmer Hidden in Fake Facebook Pixel Tracker
We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS. However, WordPress has become a massive player in ecommerce as well, thanks to the adoption of Woocommerce and other plugins Continue reading Magento Shoplift: Ecommerce Malware Targets Both WordPress & Magento CMS
One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus administrator user. It was also found injecting sophisticated credit card skimming JavaScript into the website’s Continue reading MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer
Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly trusted domain googletagmanager.com. In order to create a new container and abuse Google Tag Manager, Continue reading 40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with the same songs played on repeat that we hear every year ad nauseam. However, the Continue reading Skimming Credit Cards with WebSockets
Consumers spent a whopping $35.3 billion during last year’s cyber week shopping season. With Cyber Monday accounting for $11.3 billion in revenue alone, this period remains one of the biggest online shopping events of the year. Unfortunately, hackers are making Continue reading Black Friday & Cyber Monday Ecommerce Security Threats
Using out of date software is the leading cause of website compromise, so keeping your environment patched and up to date is one of the most important responsibilities of a website administrator. It’s not uncommon to employ the use of Continue reading Tampered OpenCart Authentication Aids Credit Card Skimming Attack
MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or core file injections installed into WordPress / WooCommerce environments (which are increasingly common, and may Continue reading Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images
Today’s story starts much the same as many others on this blog: A new client came to us reporting that credit card details were being compromised from their checkout page. The website owner had even been contacted by a major Continue reading Compromised OpenCart Payment Module Steals Credit Card Information
Last week on August 8th, 2023, Adobe released a critical security patch for Adobe Commerce and the Magento Open Source CMS. The patch provides fixes for three vulnerabilities which affect the popular ecommerce platforms. Successful exploitation could lead to arbitrary Continue reading Critical Security Update for Magento Open Source & Adobe Commerce
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious Continue reading SiteCheck Remote Website Scanner — Mid-Year 2023 Report
WooCommerce is a widely used e-commerce platform, powering nearly 6 million online stores worldwide. Its popularity makes it a prime target for cybercriminals looking to exploit vulnerabilities and steal sensitive data and credit card information. In fact, according to data Continue reading New WooCommerce Security Best Practices Guide
Welcome to another installment in helping website owners secure their digital assets, this time with a focus on the world of ecommerce. If you’re an ecommerce website owner, you’re likely aware that online stores face a unique set of challenges Continue reading How to Secure Your Online Store: A Ecommerce Security Primer
Education is crucial in defending your website against emerging threats. That’s why we are thrilled to share our 2022 Website Threat Research Report. Disseminating this information to the community helps educate website owners about the latest trends and threats. This Continue reading Hacked Website Threat Report – 2022
Disclaimer: The malware infection described in this article does not affect the software plugin or payment gateway as a whole, and does not indicate any vulnerabilities or security flaws within Authorize.net itself nor WooCommerce or any associated WooCommerce plugin extensions. Continue reading WooCommerce Credit Card Skimmer Reveals Tampered Gateway Plugin
The convenience and ease of online transactions has drawn a tremendous number of users to online ecommerce storefronts. And during the pandemic, many consumers switched to online purchases in favor of shopping at regular brick and mortar shops — leading Continue reading How to Securely Shop With Your Credit Card: Use a Virtual Card & Check for Skimmers
Attackers are always on the hunt for vulnerable websites. Whether you have a WordPress, Magento, or Joomla website — you’ll want to take steps to keep your site and server secure. In today’s post, we’ll be outlining the top twelve Continue reading Top 12 Website Hardening Tips
Consumers spent a whopping $33.9 billion during Cyber Week last year. With the average adult spending $430 on Black Friday alone, this period remains one of the biggest online shopping events of the year. Unfortunately, hackers are making bank alongside Continue reading Black Friday & Cyber Monday Ecommerce Security Threats
All software has bugs — but some bugs can lead to serious security vulnerabilities that can impact your website and traffic. Vulnerabilities can be especially dangerous when your software is running over the web, since anyone can reach out and Continue reading A Guide to Virtual Patching for Website Vulnerabilities
When a website is hacked symptoms can sometimes include unexpected, unfamiliar and strangely located favicon or .ico files. Other symptoms might include: ”This site may be hacked” warnings ShareTweetSharePostSharePin It!