Archive | Security

Spotlight: How iThemes Manages Their Website Security

iThemes was one of the first premium theme shops for WordPress. Over the years their focus has expanded to include premium WordPress plugins that help website owners manage and secure their websites. In addition to a suite of plugins and themes, iThemes is committed to providing education and training for freelance web designers & entrepreneurs…. […]

Phishing Attacks Target Ecommerce Checkout Pages

Hunting credit card details on compromised ecommerce websites has become popular over the last two years. We have reported multiple cases in the past where attackers targeted checkout pages and payment modules via malicious “patches” designed to steal payment details. These thefts can’t be easily detected by customers (no visible signs) nor the site owners… […]

New Realstatistics Attack Vector Compromising Joomla Sites

Over the past few weeks we’ve seen a large number of Joomla websites compromised with the Realstatistics malware campaign. This mass infection is still evolving and continues to distribute harmful ransomware to compromised website visitors. Today we are providing more context on the new attack vector and exploitation process used to compromise these sites…. […]

PCI for SMB – Requirement 2- Do Not Use Defaults

If you have an e-commerce website and you accept credit cards from your clients, you have probably already heard the term PCI compliance. PCI DSS (Payment Card Industry – Data Security Standard) is a standard containing a series of security requirements that every merchant, big or small, must follow to be in compliance. PCI was created… […]

Realstatistics Malware Campaign Uses Fake Analytics Sites

In this post we’ll show you the tactics employed by the realstatistics malware campaign to make their injections seem less suspicious. The injection looks like this: The URL appears to be a typical statistics/analytics script: both the domain name and the URL path look relevant. The script is not encrypted…. […]

Realstatistics Malware Campaign Leads To Ransomware

Our Incident Response Team (IRT) has been tracking a mass infection campaign over the last 2 weeks (codenamed “Realstatistics”). This campaign has compromised thousands of websites built on the Joomla! and WordPress Content Management Systems (CMS). We have codenamed the campaign “Realstatistics” because of the domain being used by the attackers. The following fake analytics code was… […]

Spotlight: WPBeginner’s Approach to WordPress Security

WPBeginner offers tutorials, tips, and tricks for WordPress beginners to improve their sites. With over 150K Twitter followers and almost 10 million monthly visitors, the website is undeniably popular. The high-quality content provided by WPBeginner helps WordPress users make better decisions and gain awareness of their options. Using research and thought leadership, WPBeginner offers guidance… […]

Large CCTV Botnet Leveraged in DDoS Attacks

Our security operations team investigates and mitigates multiple distributed denial of service (DDoS) attacks every single day. One recent case caught our attention because of the intensity and duration of the attack, and – as we discovered through some research – how it was being done. In this article, we’ll share the specifics in an effort to track… […]