Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to the security of website owners. Some vulnerable sites may still be found in the wild. Back in early 2017, our research team was looking into More Info »
WordPress Database Brute Force and Backdoors
We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress CMS stores most of its settings in a database, attackers More Info »
3-D Secure SMS-OTP Phishing
One of our remediation analysts Eli Trevino recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the victim’s payment method. The phishing page prompts victims to provide their payment details to prevent account lockout: What’s interesting about this phishing page is that it selectively targets victims within More Info »
PCI Compliance, Penetration testing, and the Sucuri WAF
Our support team is often asked, “Can we test our site through the Sucuri Web Application Firewall?” The answer is always yes, with a caveat. Tests that are intended to cause a disruption of the service, such as DoS attacks, are not allowed. We are there to help you if you do come under a More Info »
Let’s Encrypt Revokes 3 Million Certificates Due to CAA Bug
Imagine receiving a TLS warning on your browser every time you visit your website for 60 days straight. Definitely not an ideal situation and you would certainly want to avoid it at all costs, correct? Let’s Encrypt SSL, a certificate authority run by the Internet Security Research Group (ISRG) and responsible for around 116 millions More Info »
7 Tips for Protecting Your Website
For many people, website security is an intimidating topic. It seems like there’s an endless list of things necessary for protecting your website. And while resources like our Website Security Guide cut through much of the clutter of the threat landscape, some folks might need it simplified even further. Okay, we hear ya. If you’re More Info »
What is Pharma Hack Spam?
Have you ever seen a website advertising products that seem unrelated to the apparent purpose of the site? Often, this suspicious content is promising pharmacy drugs, available quickly and without a prescription. That’s a classic example of a pharma hack. It’s very important to understand what a pharma hack is and how to stop it More Info »
Website Vulnerability vs. Malware – What’s the Difference?
To better understand the difference between website malware and vulnerabilities, imagine your online property is a brick-and-mortar structure. You’d want to keep safe from burglars, so you take measures to protect your house, like locked doors and windows, and installing an alarm system. It’s the same thing with website security. But with your online property, More Info »
How to Find & Remove SEO Spam on WordPress
Perhaps the best way to dive into the subject of finding and removing SEO spam on WordPress is with a quick experiment — probably one you’ll want to conduct at a private location. Run a Google search with the terms buy viagra cialis. Without clicking anything (seriously, don’t), take a close look at the results. More Info »
Is My Site Hacked?
It’s a day every website owner fears. You open the website you’ve poured your time, energy, and money into, only to find your home page looking very different. After your stomach sinks and you take a long gasp, you’ll likely shout out in frustration, “My site has been hacked! What do I do!?” But not More Info »
