Zen Cart “PayPal” Skimmer

While we mostly see skimmers on Magento-based websites, this does not mean that less popular ecommerce platforms are safe from infections with similar malware that steals payment information. We recently found a case on a lesser-known open source ecommerce platform named Zen Cart, which itself is a fork of the older osCommerce. Credit card skimmers […]

Authentication Bypass Vulnerability in InfiniteWP Client

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server. Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as […]

What is Cross-Site Contamination?

How many websites do you currently have on your server? If the answer is something along the lines of, “One that I really care about, some older ones that I don’t really use, and maybe a dev site that could be live…” then you might want to familiarize yourself with the concept of cross-site contamination. […]

Why 2FA SMS is a Bad Idea

Two-factor authentication (2FA) brings an extra layer of security that passwords alone can’t provide. Requiring an extra step for a user to prove their identity reduces the chance of a bad actor gaining access to data. One of the most common methods of 2FA is SMS text messages. The problem is that SMS is not […]