After recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3 #EKFiddle [Regex update]: Added Radix Web Skimmer identified by @unmaskparasites (https://t.co/3YJM9YeyAw).Additional domain seen in campaigns: checkip[.]bizhttps://t.co/U67qZosp1e pic.twitter.com/ZWwGZG6zyN — EKFiddle (@EKFiddle) March 17, 2019 Just a brief round up of the Twitter discussion. Neither […]
Tag Archives: Website Security
Arbitrary Directory Deletion in WP-Fastest-Cache
The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an unauthenticated attacker to specify a path to a directory from which files and directories will be deleted recursively. The vulnerable code path extracts the path […]
Uncommon Radixes Used in Malware Obfuscation
Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number? I recently decoded a credit card stealing script injected at the bottom of a js/varien/js.js file: There were several layers of obfuscation. During the final stage of decoding, I […]
PCI for SMB: Requirement 10 & 11 – Regularly Monitor and Test Networks
Welcome to the seventh post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles written about PCI, we covered the following: Requirement 1: Build and Maintain […]
PCI for SMB: Requirement 10 & 11 – Regularly Monitor and Test Networks
Welcome to the seventh post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles written about PCI, we covered the following: Requirement 1: Build and Maintain […]
Spotlight on Women in Cybersecurity
Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into working in cybersecurity. Spotlight on Sucuri Women in Cybersecurity We have asked some of the women who work at Sucuri 3 questions: What do you do at Sucuri? How did you decide to […]
Spotlight on Women in Cybersecurity
Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into working in cybersecurity. Spotlight on Sucuri Women in Cybersecurity We have asked some of the women who work at Sucuri 3 questions: What do you do at Sucuri? How did you decide to […]
How to Add SSL & Move WordPress from HTTP to HTTPS
Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across the web use WordPress and many of these websites have still not added an SSL certificate. Why is Important to Have a WordPress SSL Certificate? SSL has become increasingly important […]
How to Add SSL & Move WordPress from HTTP to HTTPS
Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across the web use WordPress and many of these websites have still not added an SSL certificate. Why is Important to Have a WordPress SSL Certificate? SSL has become increasingly important […]
Hacked Website Trend Report – 2018
We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of 25,168 cleanup requests […]
