Collaborate Disseminate
Keeping your eCommerce store secure is a must. Not only is it an important source of income for your business, but it also contains sensitive customer information, such as billing details and credit card numbers. Strong passwords can prevent many cyber… Continue reading Strong WooCommerce passwords – enforcing policies without deterring customers
Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye.
The malicious domain was abusing the URL shortener service is.gd: shortened URLs were being injected into the posts table of the clien… Continue reading Another Fake Google Domain: fonts.googlesapi.com
WPScan is a black box WordPress Security Scanner written in Ruby. Ideal for penetration testers, security professionals and WordPress administrators WPScan can find security weaknesses within a WordPress blog or website.
The post Using WPScan to find W… Continue reading Using WPScan to find WordPress vulnerabilities on your website
Two-factor authentication (2FA) is an important part of maintaining the security of a WordPress site. However, 2FA alone isn’t enough to harden your WordPress site authentication. Strong passwords are also an important part, even when using two-f… Continue reading Why you need both Two-factor Authentication & strong passwords on WordPress sites
This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tabl… Continue reading Vulnerable Versions of Adminer as a Universal Infection Vector
We often write about malware that steal payment information from sites built with Magento and other types of e-commerce CMS.
When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in … Continue reading Skimmers for Both Magento and WordPress
We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy” landing pages selling counterfeit men’s health pills from … Continue reading Pharma Spam Redirects to .su & .eu Sites
Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types.
Scripts as Data URLs
The first type looks pretty similar to what we discussed in our recent post.
However, instead of placing… Continue reading Data URLs and HTML Entities in New WordPress Malware
We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality.
Malicious Plugins Sourced from UpdraftPlus
Attacke… Continue reading Fake UpdraftPlus Plugins
A Distributed Denial of Service (DDoS) is a type of Denial of Service (DoS) attack in which the attack comes from multiple hosts as opposed to one, making them very difficult to block. As with any DoS attack, the objective is to make a target unavailab… Continue reading Understanding DDoS attacks: a guide for WordPress administrators