Have you ever looked at your server or website logs and realized that they make absolutely no sense to you? Or thought that logs just seem to take up a lot of valuable server space? Or perhaps they fail to provide clear insights into what happened in the first place? As a security company, we […]
Archive by Author
Fake Instagram Verification & Twitter Badge Phishing
Social media platforms like Instagram and Twitter offer verification badges as a credibility indicator to help show authenticity and integrity to visitors. To obtain a badge, profiles must meet a list of various requirements and undergo verification process. For example, the one found on our Sucuri Twitter profile: Let’s examine how these coveted verification badges […]
7 Tips to Clean & Maintain Your Website
Most people would agree — living in a house full of accumulated debris and unnecessary objects can create a chaotic environment, and even cause health problems. This scenario is easily applicable to your website, too. You can think of your hosting environment as the home where your website lives. It’s extremely easy for hosting accounts […]
WordPress Vulnerabilities & Patch Roundup — July 2022
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]
DHL Phishing Page Uses Telegram Bot for Exfiltration
One of the quickest ways for an attacker to harvest financial data, credentials, and sensitive personal information is through phishing. These social engineering attacks can typically be found masquerading as a trusted or recognizable service, intent on tricking unsuspecting users into submitting sensitive information on the attacker’s customized web page. Criminals use phishing because it […]
Cryptominers & WebAssembly in Website Malware
WebAssembly (also referred to as Wasm) is a binary instruction format that runs in the browser to enable high-performance applications on web pages and can be executed much faster than traditional JavaScript. WebAssembly can be executed in a variety of environments, including servers, IoT devices, and mobile or desktop apps — but was originally designed […]
PrestaShop Skimmer Concealed in One Page Checkout Module
PrestaShop is a popular freemium open source e-commerce platform used by hundreds of thousands of webmasters to sell products and services to website visitors. While PrestaShop’s CMS market share is only 0.8%, it should still come as no surprise that attackers have been crafting malware to specifically target environments who use this software. In this […]
Security Lessons Learned from 2021
There’s no one specific topic or target or audience when it comes to website security. But when you clean enough hacked websites, you start to see trends and techniques emerge in the landscape. In my last presentation at WordCamp Europe, I dove into the latest findings from our threat report to highlight the major themes […]
Infected WordPress Site Reveals Malicious C&C Script
Bitcoin prices are down 60% year to date, trading far from the all-time highs of $69,000 seen last November. Some altcoins have plummeted even farther in value, with digital currencies collapsing in value in the past six months. While we can collectively agree that cryptocurrencies are incredibly volatile and currently on a downward trajectory – […]
SiteCheck Malware Trends Report – Q2 2022
Conducting an external website scan for indicators of compromise is one of the easiest ways to identify security issues. While remote scanners may not provide as comprehensive of a scan as server-side scanners, they allow users to instantly identify malicious code and detect security issues on their website without installing any software or applications. Our […]
