Blackhat SEO spam comes in many forms, and one of the most nefarious is hijacked search results. This happens when search engines crawl and display unwanted content in the title and description of infected web pages. The negative impact to the infected website cannot be understated. This harms the website’s reputation with visitors and will… […]
Archive by Author
Spotlight – How Cart66 Maintains Security for Ecommerce
Cart66 offers a comprehensive plugin solution for WordPress shop owners. With a unique suite of services, intuitive features, and essential security components, Cart66 provides everything you need to operate a PCI compliant online store. PCI compliance is one of the most important considerations for any ecommerce site. Cart66 connects your WordPress website to a hosted… […]
A Plugin’s Expired Domain Poses a Security Threat to Websites
Do you keep all your website software (including all third-party themes, plugins and components) up-to-date? You should! We always recommend this to our clients and our readers. Applying updates quickly will make sure that you replace any vulnerable code as soon as the security patch is released. However, this isn’t the only reason to keep… […]
Fake FreeDNS Used to Redirect Traffic to Malicious Sites
During the last couple of days we performed a few similar cleanup requests where sites occasionally redirected visitors to malicious sites that displayed ads, spam and malicious downloads. One of our security analysts, Andrey Kucherov, did some research in conjunction with our research team to find what was going on. In all cases the redirect… […]
Browser/OS Statistics From Half Billion Blocked Attacks
The need to make better sense of markets is paramount to the way businesses are run and decisions are made. We see this with the proliferation of online services that allow us to better gauge and understand our respective markets. If I think of it from an engineering perspective, one case might be the type… […]
Spotlight: How iThemes Manages Their Website Security
iThemes was one of the first premium theme shops for WordPress. Over the years their focus has expanded to include premium WordPress plugins that help website owners manage and secure their websites. In addition to a suite of plugins and themes, iThemes is committed to providing education and training for freelance web designers & entrepreneurs…. […]
Phishing Attacks Target Ecommerce Checkout Pages
Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where attackers targeted checkout pages and payment modules via malicious “patches” designed to steal payment details. These thefts can’t be easily detected by customers (no visible signs) nor the site owners… […]
New Realstatistics Attack Vector Compromising Joomla Sites
Over the past few weeks we’ve seen a large number of Joomla websites compromised with the Realstatistics malware campaign. This mass infection is still evolving and continues to distribute harmful ransomware to compromised website visitors. Today we are providing more context on the new attack vector and exploitation process used to to compromise these sites…. […]
PCI for SMB – Requirement 2- Do Not Use Defaults
If you have an e-commerce website and you accept credit cards from your clients, you probably already heard of the term PCI compliance. PCI DSS (Payment Card Industry – Data Security Standard) is a standard containing series of security requirements that every merchant, big or small, must follow to be in compliance. PCI was created… […]
Realstatistics Malware Campaign Uses Fake Analytics Sites
In this post we’ll show you the tactics employed by the realstatistics malware campaign to make their injections seem less suspicious. The injection looks like this: The URL appears to be a typical statistics/analytics script: both the domain name and the URL path look relevant. The script is not encrypted…. The post Realstatistics Malware Campaign […]

