Magecart criminals caught stealing with their poker face on

Earlier in June, we documented how Magecart credit card skimmers were found on Amazon S3. This was an interesting development, since threat actors weren’t actively targeting specific e-commerce shops, but rather were indiscriminately injecting any exposed S3 bucket. Ever since then, we’ve monitored other places where we believe a skimmer might be found next. However, we were …

How to secure your content management system

Suppose you want to start your own blog or set up a website where you can easily manage its content, the way it looks, and how often it changes. What you need is a content management system (CMS). WordPress, Drupal, and Joomla are some of the most popular content management systems used by both professionals and amateurs. The three I mentioned are open-source CMSes, meaning they are software with …

A look into Drupalgeddon’s client-side attacks

Drupal is one of the most popular Content Management Systems (CMS), along with WordPress and Joomla. In late March 2018, Drupal was affected by a major remote code execution vulnerability (CVE-2018-7600) followed by yet another (CVE-2018-7602) almost a month later, both aptly nicknamed Drupalgeddon 2 and Drupalgeddon 3. These back-to-back vulnerabilities were accompanied by proofs of concept that …