Today, we are launching the new and improved Protected Page capability in our Website Firewall, CloudProxy. It allows for a simple (1-click) activation of secondary authentication methods on any page of your site. It means you can easily add the following to any page on your website: A custom password verification Two Factor authentication (2FA) […]
Archive | Security
RSS feed for this sectionTake Back Your Internet – Demand a Safer Web
Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out by multiple compromised websites on a single server and about adsense blackmail. We’ve written about how attackers hit these sites because that’s what we do. We figure out what they’re doing […]
CloudFlare is PCI Certified
Great news for everyone using CloudFlare on an e-commerce site, or a site accepting or processing credit card transactions. After undergoing a Payment Card Industry (PCI) Data Security Standard (DSS) 2.0 security control assessment, we’ve been certified as a Level 1 service provider. Achieving Level 1 status requires an assessment of our security controls by […]
Was the FIFA Website Hacked?
As many know, our company has deep Brazilian roots, as such we have no choice but to enamored with the upcoming World Cup. Yes, the World Cup is coming, soccer news is everywhere and like most things, websites are being used to disseminate the news. The Federation Internationale de Football Association (FIFA) is perhaps one […]
Phishing Tale: An Analysis of an Email Phishing Scam
Phishing scams are always bad news, and in light of the Google Drive scam that made the rounds again last week, we thought we’d tell the story of some spam that was delivered into my own inbox because even security researchers, with well though-out email block rules, still get SPAM in our inboxes from time […]
Vulnerability found in the All in One SEO Pack WordPress Plugin
The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching two privilege escalation vulnerabilities we discovered earlier this week that may affect any web site running it. The risks If your site has subscribers, authors and non-admin users logging in […]
Analyzing a Malicious iFrame – Following the Eval Trail
Over the last week, we’ve been working with some interesting malware injections. Developers and malware prevention professionals usually think of hidden iframes that deliver spam-seo or other malware as easy to spot. Take this injection, for example (Thanks to Sucuri team member, Rafael C., for the sample): This is not a traditional iframe src=’http://… code, […]
CloudFlare Meetups: Set your mind on fire.
Education, expertise, and community: these themes define Meetups at CloudFlare. Meetups in our office bring together industry leaders, academics, and field experts to examine topics ranging from the Go programming language, to databases, to cryptography, and more. We’re creating a space for people interested in learning about, and hashing-out, specialized topics together; check out CloudFlare’s […]
Malicious Redirections to Porn Websites
The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infections had a similar pattern where they only targeted mobile devices. They are highly conditional as well making it challenging for webmasters to detect. Lets take a minute to explain […]
Sucuri CloudProxy – Website Firewall Enhancements
When LA’s DA says that, “73% of our local businesses appear to have been hacked,” it begins to illustrate the importance website protection will play in the future of business, which is why we’ve placed so much emphasis on website protection on this blog over the last few months. Protection is no longer a, “nice […]