Over three years ago, we transitioned the Sucuri Firewall (WAF) away from the cloud and expanded it to run on top of our own Anycast content delivery network (CDN). We provide security for websites with the protection of our WAF as well as performance benefits of a CDN. We have been adding data centers in key […]
Tag Archives: Website Security
Security Monitoring Saves the Day
For the second week of National Cyber Security Awareness Month, we would like to focus on a very important part in having a good website security posture: monitoring. How can security monitoring save your day? Most people only care about their website security after something bad has already happened. However, how can you tell when […]
Obfuscated JavaScript Cryptominer
During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out that cryptominers were running on visitor’s computers when they accessed our customer’s website. We have previously discussed how cryptomining can happen in many covert ways. In this post, we will show you how a malicious code […]
OWASP Top 10 Security Risks – Part I
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a series of post on the OWASP top 10 security risks. OWASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and […]
PCI for SMB: Requirement 7 & 8 – Implement Strong Access Control Measures
This is the fifth post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We are halfway there! In the previous articles about PCI, we covered the following: Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data. […]
SSL vs. Website Security
Having a website today is way easier than it was 10 or 15 years ago. Tools like content management systems (CMS), website builders, static site generators and alike remove a lot of the friction around building and maintaining sites. But, is there a price for such convenience? I would dare to say that one of […]
E-Commerce Security – Planning for Disasters
This is the last post in our series on E-commerce Security: Intro to Securing an Online Store – Part 1 Intro to Securing an Online Store – Part 2 Today, let’s expand on some of the suggestions made during a webinar I hosted recently about steps you can take to secure your online store. So far […]
Backdoor Uses Paste Site to Host Payload
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A backdoor is a piece of malware that attackers leave behind to allow them access back into a website. Hackers like to inject code into different locations to […]
Outdated Duplicator Plugin RCE Abused
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin. Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is […]
Unsuccessfully Defaced Websites
Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a peculiar JavaScript injection included in the source code. What is a Defacement? Website defacement is a hack that often involves adding malicious images to the website homepage and […]
