A newly found script by the name of "Magento Killer" has been targeting Magento websites lately. The script $ConfKiller targets the most important file in a website, i.e. the config file (configuration file). Further, if executed successfully, the $ConfKiller script can modify the core_config_data table of the attacked Magento database.
Sites using PHP are widely targeted by hackers, as one exploit can work across all of them. Often, clever techniques are deployed to work maliciously behind the scenes. A PHP web shell backdoor is one such malicious script or program designed to infect your website secretly.
Magecart attacks came out of the dark when they targeted the credit card info of big names such as British Airways, Ticketmaster, Newegg, etc. and made headlines. But this does not mean Magecart attacks came into existence recently. In fact, Magecart attacks can be traced back to 2014, when several groups first started monetizing stolen credit card details. The masterminds of Magecart have been active and growing ever since.
A bizarre hack has come to notice on WordPress websites. A huge number of WordPress websites are showing "1800ForBail – One+Number" or "1800ForBail" as their SEO title/blog name. So far, it looks like a massive black hat SEO campaign. However, it could be more than that. Here is how it appears in Google search results: Attack Details Typically in…
Index.php is the landing page of your PrestaShop store. Hence, it is one of the most visited pages of your website. However, this also implies that index.php is actively targeted by attackers. If the attackers are successful in compromising the index.php of your PrestaShop site, the results can be disastrous. The attackers can use it to serve malware, deface your site or steal the credit card info of your PrestaShop store's customers.
Plugin name: Data privacy extended (data protection law) - GDPR Module
Vulnerability name: CSRF (Cross-Site Request Forgery) in the "Delete Account"
Affected PrestaShop versions: v220.127.116.11 - v18.104.22.168
Vulnerable version: <3.7.8
Patched version: 3.7.8
Vulnerability reported: 20th June 2019
Vulnerability patched: 25th June 2019
While performing a security audit on one of our PrestaShop clients at Astra, I found a critical…
Cross-site scripting, also known as XSS for short, is a security vulnerability found in web applications. A WordPress XSS exploit allows attackers to inject malicious content under the guise of a trusted entity. Further, an XSS vulnerability also compromises user-website interaction. It allows attackers to pose as legitimate users and upload malicious content, steal user credentials and information, deface your website and tarnish your brand.