WordPress Continues to Fall Victim to Carding Attacks

Unsurprisingly, as WordPress continues to increase in popularity as an e-commerce platform, attackers continue to attempt to steal credit card information from unsuspecting clients. Currently, the WordPress plugin WooCommerce accounts for roughly a qu…

How to Know If You Are Under DDoS Attack

Nowadays, the term DDoS probably raises the heart rate of most webmasters. Though many don’t know exactly what a DDoS attack is, they do know the effect: an extremely sluggish or shut-down website. 
In this article, we’ll focus on how to know if your …

How Do Websites Get Hacked?

As much as the web has grown, surprisingly not a lot has changed in how websites get hacked.
The most important thing you can do in keeping the web – and your own sites and visitors – safe is to understand these unchanging truths and hold them close t…

Server Side Data Exfiltration via Telegram API

One of the themes commonly highlighted on this blog includes the many creative methods and techniques attackers employ to steal data from compromised websites. Credit card skimmers, credential and password hijackers, SQL injections, and even malware o…

Phishing & Malspam with Leaf PHPMailer

It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download a malicious attachment.
To support these activities, attackers seek o…

Real-Time Phishing Kit Targets Brazilian Central Bank

We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our investigation revealed was that attackers were leveraging PIX, a new payme…

Obfuscation Techniques in Ransomweb “Ransomware”

As vital assets for many business operations, websites and their hosting servers are often the target of ransomware attacks — and if they get taken offline, this can cause major issues for a business’ data, revenue, and ultimately reputation.
The wors…

Evaluating Cookies to Hide Backdoors

Identifying website backdoors is not always an easy task. Since a backdoor's primary function is to conceal itself while providing unauthorized access, backdoors are often developed using a variety of techniques that can make them challenging to detect.
For e…

Bogus CSS Injection Leads to Stolen Credit Card Details

A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that something is amiss, and so I began my investigation.

SEO Spam Links in Nulled Plugins

It’s not unusual to see website owners running things on a budget. Choosing a safe and reliable hosting company, buying a nice domain name, boosting posts on social media, and ranking on search engines — all this costs a lot of money. At the end of th…