How to Create a Website Maintenance Plan & Contract

In my years of experience working alongside agencies, I’ve realized that managed providers and other web pros who offer website maintenance to their clients have a hard time convincing them of the value of managed services.
It’s a common …

Troldesh Ransomware Dropper

Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors.
The malware often uses a PHP file that acts as a delivery tool for downloading the host malware dropper:
hxxp…

Android Users Can Now Log in to Google Services Using Fingerprint

If you’re using Chrome on Android, you can now sign in to your Google account and some of the other Google services by simply using your fingerprint, instead of typing in your password every time.

Google is rolling out a new feature, called “local use…

Internet Security: How Widespread Are Bad Development Habits? 

An intive study of its customers showed an alarming number of companies aren’t performing even basic measures to improve their internet security. Installing the latest software, examining security certificates, keeping sensitive data private …

Magento Skimmers: From Atob to Alibaba

Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this:
It uses the JavaScript atob function to decode base64-encoded domain names and URL patterns. In the sample above, it’s hxxps://li…

Autoloaded Server-Side Swiper

Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily detected by simply scanning the web pages of e-commerce sites.
Howev…

Malicious Plugin Used to Encrypt WordPress Posts

During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was …

Neapolitan Backdoor Injection

Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream from which your roommate eats all of the chocolate, leaving you with the paltry remai…

Reverse Hardening WordPress Config

Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions or features a website has, the more potential points of entry an attacker has to leverage.

Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking

If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised.

Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce softwar…