Webserver Infections – WindowsTechs.com

Vulnerabilities Digest: June 2020

Posted on July 6, 2020 by John Castro

Highlights for June 2020

Cross site scripting is still the most common vulnerability in WordPress Plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization.
Massive … Continue reading Vulnerabilities Digest: June 2020→

Evasion Tactics in Hybrid Credit Card Skimmers

Posted on June 5, 2020 by Denis Sinegubko

The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers.
Though popular with bad actors, one of the drawbacks of… Continue reading Evasion Tactics in Hybrid Credit Card Skimmers→

PinnacleCart Server-Side Skimmers and Backdoors

Posted on April 22, 2020 by Denis Sinegubko

While open-source ecommerce platforms are the most common targets for web skimmers, hackers also target paid-for software — especially if it’s used on high-profile online stores with large user-bases.
This time, our analysts Kara Federow a… Continue reading PinnacleCart Server-Side Skimmers and Backdoors→

WordPress Database Brute Force and Backdoors

Posted on March 11, 2020 by Denis Sinegubko

We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess.
However, the WordPress login is not the only point of entry that hackers use to break into sites…. Continue reading WordPress Database Brute Force and Backdoors→

What is Cross-Site Contamination?

Posted on January 9, 2020 by Juliana Lewis

How many websites do you currently have on your server? If the answer is something along the lines of, “One that I really care about, some older ones that I don’t really use, and maybe a dev site that could be live…” then… Continue reading What is Cross-Site Contamination?→

Vulnerable Versions of Adminer as a Universal Infection Vector

Posted on November 9, 2019 by Denis Sinegubko

This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tabl… Continue reading Vulnerable Versions of Adminer as a Universal Infection Vector→

Autoloaded Server-Side Swiper

Posted on August 6, 2019 by Denis Sinegubko

Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily detected by simply scanning the web pages of e-commerce sites.
Howev… Continue reading Autoloaded Server-Side Swiper→

Cryptominers: Binary-Process-Cron Variants and Methods of Removal

Posted on August 2, 2018 by Tyler Lancy

This post provides a brief overview of how to manually remove server-side cryptominers and other types of Binary-Process-Cron malware from a server. Unlike browser-based JavaScript cryptominers that have been injected into a web page, a binary server-… Continue reading Cryptominers: Binary-Process-Cron Variants and Methods of Removal→