In our last webinar, How To Account For Security With Customer Projects, I spoke about maintenance and sustainment contracts – specifically how to use them to better account for client website security. In this post I will touch on some of the key areas in a project’s lifecycle that can be leveraged to build stronger […]
Tag Archives: Website Security
Accounting for Defense in Depth in Website Security
In the field of Information Security (InfoSec) we like to use the phrase defense in depth. Like many things, it is a borrowed term with roots dating back millennia (216 B.C. – the second Punic war). It’s a term that refers to tactics employed by militaries around the world in which they would deploy layers… […]
Security through Confusion – The FUD Factor
The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty and doubt (FUD) and first appeared in the 70’s as a tactic used by competitors in the computer hardware business. FUD is a disinformation strategy used to intentionally push information that is very misleading… […]
Hacked Website Report – 2016/Q2
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights and analysis performed by our Incident Response Team (IRT) and Malware Research Team (MRT). CMS Analysis: Our analysis consisted of over 9,000 infected websites. The graphs below show a side-by-side… […]
Product Update: Sucuri Firewall in Tokyo, Japan
For the last couple of years, we have been transitioning the Sucuri Firewall (WAF) away from the cloud and expanding it to run on top of our own Anycast content delivery network (CDN). We provide security for websites using our service and felt we needed to couple the performance benefits of a CDN with the… […]
IoT Home Router Botnet Leveraged in Large DDoS Attack
We have been monitoring a large-scale Layer 7 HTTPS flood attack (i.e., application level DDoS) against a customer over the past few weeks. It is being distributed across 47,000 IP addresses and has been pushing over 120,000 HTTPS requests per second (RPS) to the website. Unlike volumetric attacks that target the network link (measured in… […]
PCI for SMB – Requirement 2 – Do Not Use Defaults
If you have an e-commerce website and you accept credit cards from your clients, you have probably already heard the term PCI compliance. PCI DSS (Payment Card Industry – Data Security Standard) is a standard containing a series of security requirements that every merchant, big or small, must follow to be in compliance. PCI was created… […]
The Growing DDoS Threat to Website Owners
As website attacks continue to evolve, we see growing levels of sophistication in the way attackers are expanding the economics of their industry. The monetization potential of attacking websites continues to grow exponentially as more websites come online (currently estimated to be over a billion live sites). With this evolution comes new tactics that we’ve… […]
Phishers Abuse Hosting Temporary URLs
Recently we told you how hackers use alternative domain names provided by web hosts to make their URLs look less suspicious. This time we’ll show a similar trick used by phishers. Phishing web pages get blacklisted very fast. That’s why hackers need to purchase many domains or compromise many websites so that they can point… […]
Website Hacked Trend Report – 2016/Q1
Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our customers in an effort to identify and remove website infections to include malware, SEO spam and a number of other malicious actions attackers take once successfully penetrating a website’s defenses. […]