Ecommerce Security

Skimming Credit Cards with WebSockets

If you were to believe shopping mall merchants, you’d think the holiday season starts immediately after Halloween. Christmas trees and candy canes abound, along with the same songs played on repeat that we hear every year ad nauseam. However, the same could be said for card skimming attacks: Once the trick-or-treaters have gone home for

[ Read More ]

Tampered OpenCart Authentication Aids Credit Card Skimming Attack

Using out of date software is the leading cause of website compromise, so keeping your environment patched and up to date is one of the most important responsibilities of a website administrator. It’s not uncommon to employ the use of custom code on websites, and spend small fortunes on software developers to tailor their website

[ Read More ]

Decoding Magecart: Credit Card Skimmers Concealed Through Pixels & Images

MageCart infections most often come in the form of complex, obfuscated JavaScript injected into Magento database tables such as core_config_data, or as malicious plugins or core file injections installed into WordPress / WooCommerce environments (which are increasingly common, and may be due to antivirus programs increasing their detection rate on compromised checkout pages). However, a

[ Read More ]

Compromised OpenCart Payment Module Steals Credit Card Information

Today’s story starts much the same as many others on this blog: A new client came to us reporting that credit card details were being compromised from their checkout page. The website owner had even been contacted by a major credit card company who had identified their domain as a “common point point of purchase”

[ Read More ]

Critical Security Update for Magento Open Source & Adobe Commerce

Last week on August 8th, 2023, Adobe released a critical security patch for Adobe Commerce and the Magento Open Source CMS. The patch provides fixes for three vulnerabilities which affect the popular ecommerce platforms. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read. Affected versions of Magento Open Source

[ Read More ]

SiteCheck Remote Website Scanner — Mid-Year 2023 Report

Conducting an external website scan for indicators of compromise is one of the easiest ways to  identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious code and detect security issues on their website without installing any software or applications. Our

[ Read More ]

New WooCommerce Security Best Practices Guide

WooCommerce is a widely used e-commerce platform, powering nearly 6 million online stores worldwide. Its popularity makes it a prime target for cybercriminals looking to exploit vulnerabilities and steal sensitive data and credit card information. In fact, according to data from our latest 2022 hacked website report, the top three most common cleanup signatures for

[ Read More ]

How to Secure Your Online Store: A Ecommerce Security Primer

Welcome to another installment in helping website owners secure their digital assets, this time with a focus on the world of ecommerce. If you’re an ecommerce website owner, you’re likely aware that online stores face a unique set of challenges when it comes to security. Your success hinges on the trust customers place in your

[ Read More ]

Top 12 Website Hardening Tips

Attackers are always on the hunt for vulnerable websites. Whether you have a WordPress, Magento, or Joomla website — you’ll want to take steps to keep your site and server secure. In today’s post, we’ll be outlining the top twelve steps you can take to harden your website and enhance the security of your environment.

[ Read More ]