Archive by Author

The Impacts of a Data Breach

Have you ever wondered what happens if your e-commerce site is breached? Usually, when you think about data breaches, you think about big enterprise websites. Does that mean that big brands are the ones who suffer the most from data breaches? Actually not. Recently, Trustwave put out a report that states approximately 90% of breaches impact More Info »

What is PCI Compliance?

Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles regarding ecommerce security breaches that steal credit card information, as well as the risks for ecommerce site owners. There can be many dangers when purchasing through a website, and with More Info »

Massive localstorage[.]tk Drupal Infection

After a series of critical Drupal vulnerabilities disclosed this spring, it’s not surprising to see a surge of massive Drupal infections like this one: Massive #Drupal infection that redirects to “Tech Support” scam via “js.localstorage[.]tk” https://t.co/30ZeLIyfza pic.twitter.com/ZCPMepM74k — Denis (@unmaskparasites) April 24, 2018 … with over a thousand compromised sites that redirect visitors to “Tech More Info »

A Puzzling Backdoor Upload

After a successful compromise, backdoors are frequently left behind and function as a point of re-entry into the website environment. These malicious pieces of code are a valuable tool for attackers and allow them to bypass any existing access controls into the web server environment. To demonstrate just how common this malware is, in 2017 More Info »

Steps to Keep Your Site Clean: Updates

This is the second post of a series about Steps to Keep Your Site Clean. In the first post, we talked about Access Points; here we are going to offer more insight on Updates. Updates Repeatedly we see websites being infected or reinfected when important security updates are not taken seriously. Most software updates are created More Info »

From Baidu to Google’s Open Redirects

Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages. It didn’t last long. Soon after the publication of that article, the bad actors changed the links to use compromised third-party sites and a couple of day later they began More Info »

Malicious Activities with Google Tag Manager

If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”. But when malicious behavior ensues, everything should be double-checked and suspected, even assets that come from “trusted sources” like Google, Facebook, and Youtube. In the past, More Info »

Content Security Policy

As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks consist of injecting malicious client-side scripts into a website and using the website as a propagation method. You probably know too that client-side scripts can be programmed to do More Info »