RuneScape is an extremely popular massive multiplayer online game. With over 200 million generated accounts, its claim to fame is that it’s one of the largest free MMORPG’s ever created. At the current time of writing, 1 million in-game gold pieces is valued at around $0.60 USD on the black market. The wealthiest players can […]
Tag Archives: Website Security
Fixing “Uncommon Download” Warnings in Google Search Console
Over the past few months, a lot of website owners have received “uncommon download” warnings from Google Search Console. These warnings can be vague, often lacking specific information about where the download is, exactly. Don’t panic — a lot of these seem to be false positives and you can just request a review. Read on […]
Password Attacks 101
One of the most common attacks carried out nowadays is related to cracking passwords, but most people probably just know about brute-forcing. There are, in fact, other kinds of attacks around passwords. Let’s take a look at three kinds of password attacks. Brute Force Attacks Brute forcing in its essence is trying many passwords to […]
Hacked Website Threat Report – 2019
The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively exploit, our team works diligently around the clock to identify, analyze, and protect website owners from compromise. Education is key to protecting yourself […]
Web Swiper in Image Title
Cybercriminals regularly try a variety of approaches to hide their malicious code — web skimmers are well known for using all sorts of obfuscation and masquerading. Suspicious Img Tag Our malware analyst Liam Smith recently discovered a suspicious looking image tag in the database of a compromised Magento site. <img height=”1px” width=”1px” style=”display:none;“ src=”/skin/frontend/smartwave/mango/images/cs_logo_white.png” title=”hxxps://intljs.rmtag[.]net/js/slider.js“ […]
Personal Online Security – Account Management
Continuing a series on how to better strengthen your personal online privacy, we are looking to take personal inventory of how we connect online. These were themes covered during our webinar “Security Beyond Your Website: Personal Online Privacy” and in a Twitter conversation (through the #Digiblogchat weekly forum) on this same topic. The first posts […]
Fake AmeriCommerce Shopping Cart
Our malware analyst Liam Smith recently found malware on a client’s site that targets ecommerce sites powered by AmeriCommerce software. A popular ecommerce software solution that allows users to run multiple carts with a single admin user, AmeriCommerce product pages typically include an HTML form with the information about the item and an Add to […]
Malicious JavaScript Used in WP Site/Home URL Redirects
Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At this time of writing, we have seen over two thousand new infected sites since we started tracking this infection. The injection seen below is used […]
Zen Cart “PayPal” Skimmer
While we mostly see skimmers on Magento based websites, this does not mean that less-popular ecommerce platforms are safe from infections with similar payment information stealing malware. Our security analyst Christopher Morrow recently found an injection on a lesser known open source ecommerce platform named Zen Cart, which itself is a fork from the older […]
Authentication Bypass Vulnerability in InfiniteWP Client
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server. Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as […]
