The current COVID-19 epidemic is changing the way people work, rapidly moving to working remotely as I have done for 20 years. I am providing this advice for smaller businesses that should leverage virtual private networks (VPNs) to enhance your security. This by no means should be all you rely on, but could be a […]
Tag Archives: Website Security
Assemble the Cookies
When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these are not the only methods that attackers use to obfuscate code. Obfuscation via Predefined PHP Variables: Here’s an example of obfuscation that doesn’t use encoding or encryption in any way: […]
Free Sucuri WAF for Medical & Social Services
During the COVID-19 pandemic, there is concern about health systems worldwide. Many people in isolation or self-quarantine are looking for accurate medical information online on a daily basis. As a result, it is crucial that public health and social service websites remain available. We want to prevent malicious users from abusing these types of websites. […]
Safe Browsing During a Pandemic: How to Spot COVID-19 Phishing Campaigns
Online bad actors tend to take advantage of tragedy for their own gain – and the coronavirus is no different. While we would hope that cybercriminals would be sympathetic during a global health crisis, it already appears this may be a pipe dream. As the virus spread across the world causing shutdowns and quarantines, cybersecurity […]
Tips for New Remote Workers
With the new pandemic hovering over our heads, the main piece of advice from most countries is stay home. Working remotely is a new reality for many people around the world, and Sucuri can help you make this new endeavor easier for you. We have been an entirely remote team since the creation of the […]
2020 Website Security Glossary
As the online threat landscape continues to evolve, so too does the language we use to describe it. To support a safer internet for everyone, we’ve compiled this glossary. Based on our research, this is today’s most relevant terminology in website security. A: Adware: Often in the form of browser pop-ups or unclosable windows, adware […]
Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability
Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to the security of website owners. Some vulnerable sites may still be found in the wild. Back in early 2017, our research team was looking into […]
WordPress Database Brute Force and Backdoors
We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress CMS stores most of its settings in a database, attackers […]
3-D Secure SMS-OTP Phishing
One of our remediation analysts, Eli Trevino, recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the victim’s payment method. The phishing page prompts victims to provide their payment details to prevent account lockout. What’s interesting about this phishing page is that it selectively targets victims within […]
PCI Compliance, Penetration testing, and the Sucuri WAF
Our support team is often asked, “Can we test our site through the Sucuri Web Application Firewall?” The answer is always yes, with a caveat. Tests that are intended to cause a disruption of the service, such as DoS attacks, are not allowed. We are there to help you if you do come under a […]