In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture. Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs […]
Tag Archives: Website Security
How to Find & Fix WordPress Pharma Hack
It’s hard for any website owner to discover pharmaceutical spam. Finding bogus content for prescription drugs on a website you watched grow from a tiny blog can be heartbreaking. But don’t blame your website: it just got caught up in a bad crowd of SEO spammers. SEO spam occurs when bad actors inject a website […]
Meet the Victims of Online Scams
Imagine a lonely person who’s looking for romantic companionship, so they turn to the internet. Picture someone who’s terribly anxious for news about an online payment that will ease their paycheck-to-paycheck existence. Or perhaps you’ve known an individual with such limited technical skills and financial resources, they’re always browsing for the cheapest IT provider possible. […]
Understanding & Stopping Malicious Redirects
Many website owners don’t know they’re infected with malicious redirects until they start getting calls from wary customers. Instead of the site they were expecting, it loaded some pretty shady content from the nether reaches of the internet. Malicious redirects are caused by hackers injecting scripts into infected sites that send visitors to destinations where […]
Steam Phishing Campaign Uses CS:GO Skin Gambling Lure
Attackers regularly target online gaming accounts as they can quickly sell any transferable items along with account logins to a third party. This scenario has cropped up for years now, and has affected a growing number of popular online games ranging from Runescape to Fortnite. These games run on their own clients — so stealing […]
What is FTP? Why use it to clean hacked websites?
The File Transfer Protocol (FTP) is a network protocol used to transfer files between a client server and a network. In other words, it is through FTP that we get text and images onto a website. Why is FTP used to clean up a website? Not only is FTP used to insert files into a […]
YouTube Account Recovery Phishing
Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators. Phishing Behavior The phishing campaign, which was initially discovered on a compromised WordPress website, is made up of two pages […]
New Drupal Website Security Best Practices Guide
When it comes to content management systems (CMS) for websites, Drupal is a highly flexible and extendible open-source solution. It is often preferred by technical developers and large government and educational websites. Because of this, the Drupal community is strongly committed to keeping the software secure. But no software can be completely immune from vulnerabilities […]
Labs Notes Monthly Recap – April/2020
In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture. Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs […]
Phishing Campaign Targets Poste Italiane & SMS OTP Verification
When creating phishing lures, attackers may cite recent major regulatory changes within the context of their social engineering scheme to confuse or further entice victims into clicking a link or performing some action. For example, in September 2019 the EU directive PSD2 went into effect (with some parts delayed until the end of 2020). This […]
