Most people assume that if their website has been compromised, there must have been an attacker evaluating their site and looking for a specific vulnerability to hack. Under most circumstances however, bad actors don’t manually hand-pick websites to attack since it’s a tedious and time consuming process. Instead, they rely on automation to identify vulnerable […]
Tag Archives: Website Security
Magento Credit Card Stealer Reinfector
In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials. That is why we have reported on a credit card stealer reinfector of Magento websites in one of our recent Labs Notes. In this post, we describe one of […]
The Importance of Website Backups
Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is down. You go to your computer to check your server and it’s working fine – but oh no, all your files are deleted from the database. What would […]
How to Improve Website Resilience for DDoS Attacks – Part I
Denial of Service (Dos) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application resources by sending spikes of fake traffic to your website. It is also notoriously difficult to conduct forensics on a DDoS attack, making the source of the attack a mystery. DDoS attacks […]
How APIs Can Streamline Your Operations
Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens, even hundreds of web applications – time is always the concern. How late do I need to stay up tonight? How much longer will this take? What did I miss? I’ve heard this communicated a […]
Shell Logins as a Magento Reinfection Vector
Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following files: app/Mage.php; lib/Varien/Autoload.php; index.php; app/code/core/Mage/Core/functions.php; These are common files for attackers to target as they operate throughout Magento sites, but these instances were special as they had a very peculiar reinfection rate. […]
New Guide on How to Position Website Security for Customers
Website security is challenging, especially when dealing with a large network of sites. That is why we have created a guide for web professionals and web service providers. Our main objective is to help you understand how to leverage a website security plan for your clients. In the guide, we provide content you can add […]
An Old Trick with a New Twist: Cryptomining Through Disguised URL Shorteners
As we have previously discussed on this blog, surreptitious cryptomining continues to be a problem as new methods emerge to both evade and hasten the ease of mining at the expense of system administrators, website owners, and their visitors. Another Way Hackers are Tricking Website Visitors into Stealth Cryptomining The latest of these new techniques […]
Referral Program Update – Now Offering Agency Plan
Sucuri’s main objective is to make the internet a safer place for everyone. With that in mind, we created a Referral Program, which gives you the opportunity to advocate for website security and profit from it. Our referral partners use their custom link to recommend Sucuri products and receive a starting commission of 25% off […]
The Impacts of a Data Breach
Have you ever wondered what happens if your e-commerce site is breached? Usually, when you think about data breaches, you think about big enterprise websites. Does that mean that big brands are the ones who suffer the most from data breaches? Actually not. Recently, Trustwave put out a report that states approximately 90% of breaches impact […]
