What are internet cookies, how should you feel about them? Are they helpful, harmless, dangerous? Usually, we must let go of one thing to gain another. Cookies are key to our modern online experience with targeted website ads and predictive search text that seems to read our minds. Cookies help us gain a customized online experience, but […]
Archive by Author
Multistage WordPress Redirect Kit
Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware redirects visitors by calling malicious files hosted on third party infected websites. Interestingly, the infection stores itself as encoded content in the database and is called through random functions littered […]
Analysis of a Phishing Kit (that targets Chase Bank)
Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by attackers. Once entered, the attackers syphon off those login details and use them for their own purposes. Sometimes this can just be a nuisance: for […]
How Passwords Get Hacked
Can you think of an online service that doesn’t require a password? Everything on the internet requires a password. However, constantly creating and remembering new and ever more complex passwords is no small task. In fact, 66% of people polled admitted to using the same password more than once because of how hard it is […]
7 Ways to Secure Magento 1
While unpatched installations of Magento 2 contain many vulnerabilities, I’m going to focus my attention on Magento 1 for this article. This is because Magento 2 provides regularly updated patches for many of the most common vulnerabilities targeting the platform. While Magento 1 also contains patches for many known vulnerabilities, those patches are not currently […]
A Short History of Essay Spam (How We Got from Pills to Plagiarism)
From answering beginner questions like ‘What is SEO spam?’ to breaking down the spammers’ code and exactly how they hide their injections in compromised websites, we have written regularly about spam at Sucuri. If you’ve ever operated a WordPress website you will have certainly seen, at the very least, a litany of spam comments posted […]
Adobe Patches Critical Magento Vulnerabilities in Recent Update
Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of 18 security vulnerabilities patched according to Adobe, although they list only 16 specific issues in the patch notes. Eleven of these issues are considered critical and five considered important, ranked […]
Best Practices for Web Form Security
Web form security — the set of tools and practices intended to protect web forms from attacks and abuse — is one of the most critical aspects of overall website security. Web forms allow users to interact with your site and enable a lot of useful functionality. However, once a user can interact with your […]
Examining Unique Magento Backdoors
During a recent investigation into a compromised Magento ecommerce environment, we discovered the presence of five different backdoors that would provide attackers with code execution capabilities. The techniques used by the attackers in these backdoors illustrates the ever-changing landscape of website security and highlights some of the tactics used to avoid traditional backdoor detection. Reflection […]
Stylish Magento Card Stealer loads Without Script Tags
Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this post I will go over how it was found, how to decode it and how it works! One of our clients was reporting that one […]
