sansec.io
2606:4700:3037::ac43:996e  Public Scan

Submitted URL: https://gwillem.gitlab.io/
Effective URL: https://sansec.io/research
Submission: On February 08 via manual from NL — Scanned from NL

Form analysis 1 forms found in the DOM

POST

<form method="POST" class="newsletter newsletter_footer" novalidate="">
  <div class="form-contents">
    <input type="hidden" name="u" value="5FD0C5336E3D0">
    <input type="hidden" name="f" value="2">
    <input type="hidden" name="s">
    <input type="hidden" name="c" value="0">
    <input type="hidden" name="m" value="0">
    <input type="hidden" name="act" value="sub">
    <input type="hidden" name="v" value="2">
    <input tabindex="-1" type="email" name="email" placeholder="E-mail address" regex="[^@]+@[^@]+\.[^@]+" validated="">
    <button id="_form_2_submit" class="_submit" type="submit" disabled="true">Submit</button>
  </div>
  <p class="newsletter__submission-message text_green">Thanks for signing up!</p>
</form>

Text Content


OVERVIEW OF ECOMMERCE HACKS & VULNERABILITIES

Sansec specializes in digital skimming. We are often “first at the scene” to
investigate high profile breaches and publish regularly about our discovery of
new attack vectors.

SANSEC ANALYSIS: 12% OF ONLINE STORES LEAK PRIVATE BACKUPS

Sansec discovered that one in nine online stores accidentally expose private
backups. This mistake could have dire consequences. Online criminals are
actively scanning for these backups, as they ...

VENDORS DEFEAT MAGENTO SECURITY PATCH (+ SIMPLE CHECK)

Magento and Adobe Commerce stores around the world have been hammered with
Trojan Order attacks this winter. And even if you have patched or installed
Adobe’s 2.4.4 release, you may still be vulner...

ADOBE COMMERCE MERCHANTS TO BE HIT WITH TROJANORDERS THIS SEASON

At least seven Magecart groups are injecting TrojanOrders at approximately 38%
of Magento and Adobe Commerce websites in November. After a quiet summer, the
number of attacks targeting the mail te...

EXTORTION OF MAGENTO MERCHANTS

Sansec has received reports of criminals trying to extort Magento merchants with
the message below. As long as the sender does not produce evidence, they almost
certainly did not steal your sensiti...

SURGE IN MAGENTO 2 TEMPLATE ATTACKS

The critical template vulnerability in Magento 2 (CVE-2022-24086) is gaining
popularity among eCommerce cyber criminals. The majority of recent Sansec
forensic cases concern this attack method. In ...

MAGENTO VENDOR FISHPIG HACKED, BACKDOORS ADDED

Fishpig, a vendor of popular Magento-WordPress integrations, has been hacked.
Sansec found that attackers have injected malware in Fishpig software and taken
control of Fishpig servers. Online stor...

MAGENTO 2 CRITICAL VULNERABILITY (CVE-2022-24086 & CVE-2022-24087)

Update Feb 21st, 2022: Sansec has observed the first actual attacks in the wild.
Patch now! Unfortunately, this validates our previous prediction that abuse
would start within days. Attacks are com...

NATURALFRESHMALL: A VULNERABLE MAGENTO EXTENSION AND A MASS HACK

An investigative report by Sansec researchers on how one vulnerable Magento
extension leads to a mass web store attack, with Magecart attackers using
naturalfreshmall.com to hide and serve malware ...

NGINRAT PARASITE TARGETS NGINX

A new parasitic malware targets the popular Nginx web server, Sansec discovered.
This novel code injects itself into a host Nginx application and is nearly
invisible. The parasite is used to steal ...

CRONRAT MALWARE HIDES BEHIND FEBRUARY 31ST

In the run-up to Black Friday, Sansec discovered a sophisticated threat that is
packed with never-seen stealth techniques. This malware, dubbed “CronRAT”, hides
in the Linux calendar system on Febr...

NEW LINUX_AVP MALWARE HITS ECOMMERCE SITES

Sansec discovered a new malicious agent “linux_avp” that hides as a system process
on eCommerce servers. It has been deployed around the world since last week and
takes commands from a control server...

CASE STUDY: HOW ECOMMERCE HACKERS SILENTLY STEAL CREDIT CARD DATA

The majority of online stores have never been hacked and, as a result, take a
somewhat lax approach to cybersecurity. However, no less than 20% of all online
stores get hacked every year, which mea...

GOOGLE APPS SCRIPT USED TO STEAL DATA

The Google business application platform Apps Script is used to funnel stolen
personal data, Sansec learned. Attackers use the reputation of the trusted
Google domain script.google.com to evade mal...

FAKE PAYMENT PAGE BEFORE CHECKOUT ON SHOPIFY AND BIGCOMMERCE

A new type of web skimmer was found on a dozen stores hosted on Shopify,
BigCommerce, Zen Cart and WooCommerce. Hosted (SaaS) ecommerce platforms like
BigCommerce and Shopify do not allow custom J...

ECOMMERCE TROJAN ACCIDENTALLY LEAKS VICTIMS

Sansec discovered a clever remote access trojan (RAT) that has been hiding in
the alleys of hacked eCommerce servers. Despite the advanced setup, perpetrators
mistakenly left a list of victim store...

PERSISTENT PARASITE IN EOL MAGENTO 2

Over the last months, hackers have quietly added a subtle security flaw to over
50 large online stores, only to exploit them right before Black Friday, Sansec
research shows. The flaw’s presence wo...

PAYMENT SKIMMER HIDES IN SOCIAL MEDIA BUTTONS

Researchers at Sansec have uncovered a novel technique to inject payment
skimmers onto checkout pages. This new malware has two parts: a concealed
payload and a decoder, of which the latter reads t...

CARDBLEED: 3% OF MAGENTO INSTALL BASE HACKED

Update Sept 18: Cardbleed has infected 2806 Magento 1 stores so far (3% of total
install base). Over the weekend, almost two thousand Magento 1 stores across the
world have been hacked in the larges...

NORTH KOREA FOUND SKIMMING US SHOPPERS

North Korean state sponsored hackers are implicated in the interception of
online payments from American and European shoppers, Sansec research shows.
Hackers associated with the APT Lazarus/HIDDEN...

DIGITAL SKIMMER RUNS ENTIRELY ON GOOGLE, DEFEATS CSP

A newly discovered skimming campaign runs entirely on Google servers, Sansec
research shows. The novel malware sends stolen credit cards directly to Google
Analytics, evading security controls like...

SANSEC REVEALS LONGEST MAGECART SKIMMING OPERATION TO DATE [ANALYSIS]

Sansec, a global leader in eCommerce security, reveals that hackers successfully
infiltrated an online printing platform for more than two and a half years. Our
research shows that crooks ran keylo...

INDONESIAN MAGECART HACKERS ARRESTED

The Indonesian police announced on Friday that they have arrested three alleged
Magecart hackers on December 20th. The suspects are from Jakarta and Yogyakarta
and are 23, 26 and 35 years old. Afte...

PAYMENT SKIMMERS HAVE IMPERSONATED SANSEC

Payment skimmers are hiding their malpractice by impersonating our Sansec
anti-skimming service. They have registered malicious domains sansec.us and
sanguinelab.net, even using a fake address in A...

MAGENTO SECURITY EXTENSIONS VENDOR GOT HACKED

The store of a US Magento extension vendor was found compromised. Attackers had
write access to the server selling extensions. We are awaiting a statement on
the integrity of downloaded software. ...

CRITICAL MAGENTO 2 FLAW EXPLOITED WITHIN 16 HOURS

The number of hacked Magento 2 stores spiked in the last four weeks, after a
critical security flaw was discovered in March and criminals stole admin
passwords within 16 hours. Merchants are advise...

57 PAYMENT GATEWAYS FROM GERMANY TO BRAZIL TARGETED

Sansec discovered a polymorphic skimmer that works with 57 different payment
gateways. It has global reach, affecting payment systems from Germany to Brazil.
It is by far the most advanced skimmer ...

BAD EXTENSIONS NOW MAIN SOURCE OF MAGENTO HACKS: A SOLUTION!

In October last year I discovered several Magento extension 0days. As it turns
out, this was only the tip of the iceberg: today, insecure 3rd party extensions
are used to hack into thousands of sto...

LARGE SITES HACKED VIA ADMINER DATABASE TOOL

This week I discovered that large ecommerce and government sites got hacked via
the Adminer database tool. As it turns out, the root cause is a protocol flaw in
MySQL. Curiously, it is described in...

PHP TOOL 'ADMINER' LEAKS PASSWORDS

Update 2019-01-20: the root cause is a protocol flaw in MySQL. Adminer is a
popular PHP tool to administer MySQL and PostgreSQL databases. However, it can
be lured to disclose arbitrary files. Att...

COMPETING DIGITAL SKIMMERS SABOTAGE EACH OTHER

Skimmers found to subtly sabotage each other's fraud operations. Competition is
grim in the online skimming business (aka “MageCart”). The aggressive
MagentoCore skimmer was previously observed to...

MERCHANTS STRUGGLE WITH MAGECART REINFECTIONS

1 in 5 compromised merchants get reinfected, average skimming operation lasts 13
days. MageCart, the notorious actors behind massive online card skimming, has
been busy. And so have we: our crawler...

BACKDOOR FOUND IN WEBGILITY

Update Nov 23rd: Webgility has released a patch and a public statement, urging
all customers to upgrade to version 345. Update Nov 30th: Webgility has
discovered another security issue and urges...

UNPUBLISHED SECURITY FLAWS (0DAYS) MASSIVELY EXPLOITED

Online credit card theft has been all over the news: criminals inject hidden
card stealers on legitimate checkout pages. But how are they able to inject
anything in the first place? As it tur...

GERMAN POLITICAL PARTY STORE HACKED BEFORE ELECTION

The store of German political party CSU (www.csu-shop.de) contains an identity
skimmer that was planted on or before Oct 5th, right before the Bavarian
election on Oct 14th. Personally identifiable...

MAGECART: NOW WITH TRIPWIRE

Back in 2016, Magecart skimmers would evade detection by sleeping if any
developer tools were found running. Then, their malware would 404 without
correct Referer or User-Agent header. And now, M...

IS YOUR GOOGLE ANALYTICS CODE MALICIOUS?

Would you - a web developer - get alarmed if you found the following code on your
website? Probably not, as Google Analytics is embedded in pretty much every
website these days: <script type="te...

MAGENTOCORE GROUP HACKS 7,339 STORES AND COUNTING

A single group is responsible for planting skimmers on 7339 individual stores in
the last 6 months. The MagentoCore skimmer is now the most successful to date.
Update 2018-09-07: Because Google Ch...

HACKERS BREACHED MAGENTO THROUGH HELPDESK

Magento merchants have recently received messages like this: Hey, I strongly
recommend you to make a redesign! Please contact me if you need a good designer!
– knockers@yahoo.com Upon closer ...

CRYPTOJACKING FOUND ON 2496 ONLINE STORES

Does your laptop get hot when visiting your favorite shop? Your computer is
likely mining cryptocurrencies to the benefit of a cyberthief. Cryptojacking -
running crypto mining software in the br...

WHY ORDERING HTTP HEADERS IS IMPORTANT

If you code against Akamai hosted sites, you could be rejected because your HTTP
library sends request headers in the wrong order. In fact, most libraries use
undefined order, as the IETF specifica...

WARNING: FAKE MAGENTO PATCH 9789 CONTAINS VIRUS

Update May 21st: a similar phishing mail circulates about a fake patch
SUPEE-1798. Update Apr 22nd: added reference to Neutrino Bot and POS systems.
This week a mail was sent out to announce the...

A MAGENTO BREACH ANALYSIS: PART 1

Part of a series where Magento security professionals share their case notes, so
that we can ultimately distill a set of best practices, tools and workflow. Part
of the job of running the MageRe...

AN OPENCART/MAGENTO HACKING DASHBOARD

This post shows how sophisticated Magento hacking operations have become
nowadays. While investigating a bruteforced Magento store, we noticed that the
hacker logged in using a curious referrer si...

SELF-HEALING MALWARE RESTORES ITSELF AFTER DELETION

Regular JavaScript-based malware is normally injected in the static header or
footer HTML definitions in the database. Cleaning these records used to be
sufficient to get rid of the malware. But ...

VISBOT MALWARE FOUND ON 6691 STORES [ANALYSIS]

Visbot is one of the oldest Magecart payment skimmers: it steals customer data
and credit cards. The first case was documented as early as March 2015. But
being publicly discussed did not stop it...

'OUR STORE IS SAFE BECAUSE WE USE HTTPS'

Update Dec 1st: already 2300 stores have been fixed! Thanks to everybody who
tirelessly notified and fixed stores. Online card skimming is up 69% since Nov
2015. Multiple groups involved M...

CRIMINALS HAVE REWIRED 3,500 ONLINE STORES

Criminals have secretly rewired 3,500 online stores to continuously harvest
credit card numbers. The fraud can be traced back as far as May 12th 2015, so if
you have bought something at one of thes...

