On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com with the following message: “The WordPress Security Team has discovered a Remove Code Execution (RCE) vulnerability on your site, which allows attackers to execute malwares and steal your data, user […]
Tag Archives: Malware
40 New Domains of Magecart Veteran ATMZOW Found in Google Tag Manager
Hackers like Google Tag Manager: millions of sites use it, and they can inject custom scripts and HTML code via a script from the highly trusted domain googletagmanager.com. In order to create a new container and abuse Google Tag Manager, all they need is a Google account (and we all know how easy it is […]
Skimming Credit Cards with WebSockets
If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with the same songs played on repeat that we hear every year ad nauseam. However, the same could be said for card skimming attacks: Once the trick-or-treaters have gone home for […]
New Email Course: Common Website Threats & Malware
The digital world isn’t all rainbows, unicorns, and cat gifs; it also has a dark side. As threats become increasingly sophisticated, website owners and administrators need to up their game. That’s why we’ve created this tailored email course — to help you navigate common website malware and vulnerabilities. We’ve picked apart data from over 43,000 […]
How to Harden & Secure a Website (12 Steps)
Attackers are always on the hunt for vulnerable websites. Whether you have a WordPress, Magento, or Joomla website — you’ll want to take steps to secure your site and server from attacks and malware. In today’s post, we’ll be outlining the top twelve steps you can take to harden your website and enhance the security […]
Black Friday & Cyber Monday Ecommerce Security Threats
Consumers spent a whopping $35.3 billion during last year’s cyber week shopping season. With Cyber Monday accounting for $11.3 billion in revenue alone, this period remains one of the biggest online shopping events of the year. Unfortunately, hackers are making bank alongside online retailers. As we enter the holiday season, ecommerce websites are at an […]
New Hacked Database Guide
Your website’s database is a treasure trove of valuable information. However, this also makes it a prime target for hackers looking to steal sensitive data or modify your site’s content and behavior. The unfortunate reality is that a compromised website database can lead to a loss of essential customer information, impacting your website’s reputation and […]
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
Fake Google chrome update malware, often associated with the notorious SocGholish infection, is something that we have been tracking for a number of years. It is one of the most common types of website malware. It tricks unsuspecting users into downloading what appears to be an update to their Chrome browser, but is actually a […]
Tampered OpenCart Authentication Aids Credit Card Skimming Attack
Using out of date software is the leading cause of website compromise, so keeping your environment patched and up to date is one of the most important responsibilities of a website administrator. It’s not uncommon to employ the use of custom code on websites, and spend small fortunes on software developers to tailor their website […]
Shifting Malware Tactics & Stealthy Use of Non-Executable .txt & .log Files
The malware landscape is constantly evolving — and bad actors are always devising new techniques to evade detection. Our analysts most commonly find website malware nestled within JavaScript or PHP files, which can be directly executed by browsers or servers. However, we’re encountering more and more instances of malware that use code from non-executable files […]
