eCommerce Security – Page 2

Vulnerabilities Digest: July 2020

Posted on August 3, 2020 by John Castro

Relevant Plugins and Vulnerabilities:
PluginVulnerabilityPatched VersionInstalls
Asset CleanUp: Page Speed
Authenticated XSS
1.4.6.7
80000
Quiz And Survey Master
Authenticated Stored XSS
7.0.0
30000
Comments – wpDiscuz 7.0.0 –
Arbitrary Fi… Continue reading Vulnerabilities Digest: July 2020→

Reverse String WooCommerce WordPress Credit Card Swiper

Posted on July 27, 2020 by Ben Martin

As 2020 continues to be the worst year in almost anybody’s lifetime, allow me to take this opportunity to stoke the fires of your existential dread even further. As a sequel to my last blog post earlier this year about the credit card swiper tha… Continue reading Reverse String WooCommerce WordPress Credit Card Swiper→

Spox Phishing Kit Harvests Chase Bank Credentials

Posted on July 13, 2020 by Luke Leal

Phishing kits are the back end components to a phishing attack and are often designed to make it easier to deploy a phishing page.
These kits are typically bundled in compressed files, such as .zip archives, and contain the entire file infrastructure … Continue reading Spox Phishing Kit Harvests Chase Bank Credentials→

Pirated WordPress Plugins Bundled with Backdoors

Posted on July 8, 2020 by Luke Leal

One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials.
Although these are certainly two of the more common attack vectors, another m… Continue reading Pirated WordPress Plugins Bundled with Backdoors→

Evasion Tactics in Hybrid Credit Card Skimmers

Posted on June 5, 2020 by Denis Sinegubko

The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers.
Though popular with bad actors, one of the drawbacks of… Continue reading Evasion Tactics in Hybrid Credit Card Skimmers→

PinnacleCart Server-Side Skimmers and Backdoors

Posted on April 22, 2020 by Denis Sinegubko

While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online stores with large user-bases.
This time, our analysts Kara Federow a… Continue reading PinnacleCart Server-Side Skimmers and Backdoors→

Analysis of a WordPress Credit Card Swiper

Posted on April 9, 2020 by Ben Martin

While working on a recent case, I found something on a WordPress website that is not as common as on Magento environments: A credit card swiper injection.
Typically this type of malware targets dedicated ecommerce platforms such as Magento and Prestas… Continue reading Analysis of a WordPress Credit Card Swiper→

3-D Secure SMS-OTP Phishing

Posted on March 9, 2020 by Luke Leal

One of our remediation analysts Eli Trevino recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the victim’s payment method.
The phishing page prompts victims to provide t… Continue reading 3-D Secure SMS-OTP Phishing→

Hacked Website Threat Report – 2019

Posted on January 28, 2020 by Rianna MacLeod

The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities to massively exploit, our team works dilig… Continue reading Hacked Website Threat Report – 2019→

Web Swiper in Image Title

Posted on January 27, 2020 by Denis Sinegubko

Cybercriminals regularly try a variety of approaches to hide their malicious code — web skimmers are well known for using all sorts of obfuscation and masquerading.
Suspicious Img Tag
Our malware analyst Liam Smith recently discovered a suspicio… Continue reading Web Swiper in Image Title→