Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that they never installed on their sites themselves. My colleague Denis Sinegubko of UnmaskParasites helped to investigate this case. Shorte[.]st is a service that hijacks links, […]
Archive | Security
RSS feed for this sectionWhen Your Plugins Turn Against You
Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations like spam campaigns, malware spreading or simply to damage your SEO ranking among other events. The threat may not always come from outside though. There are occasions where we are […]
Phishing Targeting Sucuri Customers
We are always on guard for phishing emails and websites that might try to compromise our customers or employees, so that we can be on top of the issue and warn as many people as possible. Targeted attacks are rare, yet it seems today is one of those rare days for us. Recently we discovered a new phishing […]
Labs Notes Monthly Recap – May/2017
Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past-monthly recaps to catch up on trends we look at every month. This month, our Malware Research and Incident Response teams wrote about malware infections ranging from backdoors, credit card stealers, and malvertising. Continue reading Labs Notes […]
Spotlight: How a Digital Marketing Agency Secures Client Sites
Based in Melbourne, Australia for over 17 years, 24Digital knows what it takes to succeed in the ever-evolving digital marketing space which is no longer a world resting on desktop alone. The goal is to be an extension to every client’s marketing department, a true partnership to launch or rebuild effective websites – from WordPress […]
Personal Security Guide – WiFi Network
This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic approach to security, you are protecting your website against attack vectors due to poor security practices in various aspects of your digital life. This post shares some insight on how to […]
New Non-HTTPS Websites Blacklisted for Phishy Password Practices
We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that attempts to trick users into revealing sensitive information. For the past couple of months we have noticed that the number of websites blacklisted with Deceptive Content warnings has increased for […]
Reflections on reflection (attacks)
Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Conectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact. CC BY 2.0 image by RageZ We decided to take a second look through our […]
Personal Security Guide – Online Accounts
In our last post on browser security, we talked about how developing a broader security mindset can help keep your website safe. By taking steps to secure your online accounts you can prevent hackers from gaining unauthorized access to your website. There are a number of ways that compromised accounts can leave you exposed to […]
Personal Security Guide – Web Browsers
If your computer is infected, malware can spread to your website through text editors and FTP clients. Weak passwords are also vulnerable to brute force attacks, and using unsecured networks to access the internet can leave you exposed to hackers. As a website owner, you have to consider the broader impacts of your overall security […]
