It’s hard for any website owner to discover pharmaceutical spam. Finding bogus content for prescription drugs on a website you watched grow from a tiny blog can be heartbreaking. But don’t blame your website: it just got caught up in a bad crowd of SEO spammers. SEO spam occurs when bad actors inject a website More Info »
Meet the Victims of Online Scams
Imagine a lonely person who’s looking for romantic companionship, so they turn to the internet. Picture someone who’s terribly anxious for news about an online payment that will ease their paycheck-to-paycheck existence. Or perhaps you’ve known an individual with such limited technical skills and financial resources, they’re always browsing for the cheapest IT provider possible. More Info »
Sucuri Presents: Sucuri Sit-Down and Sucuri Sync-Up Podcast Series
Our main goal at Sucuri is to make the internet a safer place. One of our investments is creating the best educational content about website security to share our knowledge with the community. With that in mind, we have decided to start podcasting. The Sucuri Sit-Down podcast aims at explaining what is going on in More Info »
Understanding & Stopping Malicious Redirects
Many website owners don’t know they’re infected with malicious redirects until they start getting calls from wary customers. Instead of the site they were expecting, it loaded some pretty shady content from the nether reaches of the internet. Malicious redirects are caused by hackers injecting scripts into infected sites that send visitors to destinations where More Info »
Steam Phishing Campaign Uses CS:GO Skin Gambling Lure
Attackers regularly target online gaming accounts as they can quickly sell any transferable items along with account logins to a third party. This scenario has cropped up for years now, and has affected a growing number of popular online games ranging from Runescape to Fortnite. These games run on their own clients — so stealing More Info »
What is FTP? Why use it to clean hacked websites?
The File Transfer Protocol (FTP) is a network protocol used to transfer files between a client server and a network. In other words, it is through FTP that we get text and images onto a website. Why is FTP used to clean up a website? Not only is FTP used to insert files into a More Info »
WordPress Malware Collects Sensitive WooCommerce Data
During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These compromised websites are victims of the ongoing wave of exploits against vulnerable WordPress plugins. Why are WooCommerce websites being targeted? WooCommerce is a powerful WordPress More Info »
YouTube Account Recovery Phishing
Phishing attacks against targeted channels have been successful in the past, as explained last year on ZDNet. Recently, our Remediation team found an interesting phishing page following a similar pattern that was targeting YouTube creators. Phishing Behavior The phishing campaign, which was initially discovered on a compromised WordPress website, is made up of two pages More Info »
New Drupal Website Security Best Practices Guide
When it comes to content management systems (CMS) for websites, Drupal is a highly flexible and extendible open-source solution. It is often preferred by technical developers and large government and educational websites. Because of this, the Drupal community is strongly committed to keeping the software secure. But no software can be completely immune from vulnerabilities More Info »
Labs Notes Monthly Recap – April/2020
In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture. Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs More Info »
