Spotlight: Security for List25, a Popular Entertainment Website

For a website initially created to be just an experiment, it’s a pretty big deal to hit two major milestones, though it didn’t happen overnight.  List25 features daily posts compiled with lesser-known intriguing information ranging from the bizarre to subjects like politics, travel, history, science, and more. It now has over 2 million subscribers on More Info »

When Your Plugins Turn Against You

Every day we face countless cases of sites getting compromised and infected by an attacker. From there, the sites can be used for various operations like spam campaigns, malware spreading or simply to damage your SEO ranking among other events. The threat may not always come from outside though. There are occasions where we are More Info »

Phishing Targeting Sucuri Customers

We are always on guard for phishing emails and websites that might try to compromise our customers or employees, so that we can be on top of the issue and warn as many people as possible. Targeted attacks are rare, yet it seems today is one of those rare days for us. Recently we discovered a new phishing More Info »

Labs Notes Monthly Recap – May/2017

Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past-monthly recaps to catch up on trends we look at every month. This month, our Malware Research and Incident Response teams wrote about malware infections ranging from backdoors, credit card stealers, and malvertising. Continue reading Labs Notes More Info »

Personal Security Guide – WiFi Network

This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic approach to security, you are protecting your website against attack vectors due to poor security practices in various aspects of your digital life. This post shares some insight on how to More Info »

New Non-HTTPS Websites Blacklisted for Phishy Password Practices

We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that attempts to trick users into revealing sensitive information. For the past couple of months we have noticed that the number of websites blacklisted with Deceptive Content warnings has increased for More Info »

Reflections on reflection (attacks)

Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Conectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact. CC BY 2.0 image by RageZ We decided to take a second look through our More Info »