Malware obfuscation comes in all shapes and sizes — and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it. Recently, we came across an interesting case where attackers went a few extra miles to make it more difficult to notice the site infection. Mysterious wp-config.php Inclusion During the […]
Tag Archives: Website Security
Product Update: Sucuri Firewall in Sophia
Sucuri provides security for websites with the protection of our Web Application Firewall (WAF). We also have our proprietary Anycast content delivery network (CDN) that adds the performance benefits of a CDN to all our WAF users. We been adding data centers in key regions of the world: San Jose – US Dallas – US […]
Why Hackers Create Phishing Campaigns
Phishing is a malicious attempt to obtain personally identifiable information of a victim. The first thing to keep in mind about phishing is the goal of the attackers. In the first post of this series, we have explained how to recognize a phishing campaign. Today, we will focus on the objectives behind phishing attacks. Why […]
Personal Online Privacy – Data & Browser Privacy
Continuing a series on how to strengthen your personal online privacy, we are taking personal inventory of how we connect online. These were themes covered during our webinar on “Security Beyond Your Website: Personal Online Privacy” and during a Twitter conversation (through the #Digiblogchat weekly forum). The first post in this series answers the question: […]
5 Website Vulnerability Scanning Tools
Even the most diligent site owners should consider when they had their last website security check. As our own research indicates, infections of the most popular content management systems (CMS) are on the rise. In fact, last year WordPress infections jumped 8%, compared with 2017. That’s why it’s so important to regularly use a website […]
Another Fake Google Domain: fonts.googlesapi.com
Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye. The malicious domain was abusing the URL shortener service is.gd: shortened URLs were being injected into the posts table of the client’s WordPress database. Whenever the infected WordPress page loads, the actual content is obscured […]
Website Security Tips for Black Friday & Cyber Monday
Sucuri’s focus has always been on educating website owners about the latest threats and vulnerabilities — and much of that depends on our industry-leading research team. As the holiday season approaches, we asked our researchers what recommendations they had for ecommerce website owners to protect their customers, maintain compliance, and mitigate security risks. What do […]
Black Friday/Cyber Monday Ecommerce Security Threats
With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November into the first week of December. As consumer behavior changes and online transactions become favored over traditional retail-store purchases, Black Friday and Cyber Monday are […]
How Many Types of Hackers Are There?
If you are a tech savvy person, you may have been called a “hacker” at some point by someone less technical. Maybe you’ve heard of growth hackers and life hacks. These are not the droids we’re looking for. The word “hack” in computer systems goes back to the 1950’s at M.I.T. when the model railroad […]
How to Recognize a Phishing Campaign
Phishing attacks and campaigns have always been a hot topic in online security. With many posts tagged as “phishing” on our blog — the first one being over nine years old now — we’ve seen our fair share of phishing attempts. In this post, we’ll cover the signs of a phishing attacks so you can […]
