While we mostly see skimmers on Magento based websites, this does not mean that less-popular ecommerce platforms are safe from infections with similar payment information stealing malware. Our security analyst Christopher Morrow recently found an injection on a lesser known open source ecommerce platform named Zen Cart, which itself is a fork from the older […]
Tag Archives: Website Security
Authentication Bypass Vulnerability in InfiniteWP Client
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server. Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as […]
Top 10 Sucuri Research Articles in 2019
As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides valuable lessons for the future. With that thought in mind, we asked our researchers to choose their favorite blog posts from 2019. If your New Year’s resolution for 2020 is […]
What is Cross-Site Contamination?
How many websites do you currently have on your server? If the answer is something along the lines of, “One that I really care about, some older ones that I don’t really use, and maybe a dev site that could be live…” then you might want to familiarize yourself with the concept of cross-site contamination. […]
Why 2FA SMS is a Bad Idea
Two-factor authentication (2FA) brings an extra layer of security that passwords alone can’t provide. Requiring an extra step for a user to prove their identity reduces the chance of a bad actor gaining access to data. One of the most common methods of 2FA is SMS text messages. The problem is that SMS is not […]
The Anatomy of Website Malware Part 2: Credit Card Stealers
One of the biggest malicious trends in the last few months and years are credit card stealers — also commonly referred to as credit card skimmers or cc stealers . In the second part of this Website Malware Anatomy series, I’m going to deconstruct several skimmers and show you what they look like, where they […]
How Passwords Get Hacked
How many passwords do you use in a given day? Everything on the internet requires a password. It can be tough to keep track of them all and keep coming up with strong passwords. For proof, listen to the grumblings in most office buildings on the day passwords are set to expire. The disdain for […]
5 Year Anniversary of the SoakSoak Malware Tsunami
This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software. These days, the majority of popular content management systems are 100% free: WordPress, Magento, Joomla, Drupal, etc. Moreover, most CMS extensions are also free. In fact, modern webmasters can build any type […]
How Websites Are Used to Spread Emotet Malware
In past posts, we’ve discussed the more popular reasons why hackers target smaller websites. Today, we’ll focus instead on how hackers use compromised websites to spread dangerous malware like Emotet to end user victims. Emotet Threat First off, what is Emotet and how would a hacker benefit from using a compromised website to distribute it? […]
5 Malware & Virus Scanning Tools You Need to Check Out
Website malware is no joke. Our own research shows that with WordPress, by far today’s most common content management system (CMS), new infections are on the rise. Even with security researchers working constantly to uncover and remediate website malware, new threats continue to emerge — and today there are nearly 2 billion different types of […]
