One of the biggest malicious trends in the last few months and years are credit card stealers — also commonly referred to as credit card skimmers or cc stealers . In the second part of this Website Malware Anatomy series, I’m going to deconstruct several skimmers and show you what they look like, where they More Info »
How Passwords Get Hacked
How many passwords do you use in a given day? Everything on the internet requires a password. It can be tough to keep track of them all and keep coming up with strong passwords. For proof, listen to the grumblings in most office buildings on the day passwords are set to expire. The disdain for More Info »
5 Year Anniversary of the SoakSoak Malware Tsunami
This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software. These days, the majority of popular content management systems are 100% free: WordPress, Magento, Joomla, Drupal, etc. Moreover, most CMS extensions are also free. In fact, modern webmasters can build any type More Info »
How Websites Are Used to Spread Emotet Malware
In past posts, we’ve discussed the more popular reasons why hackers target smaller websites. Today, we’ll focus instead on how hackers use compromised websites to spread dangerous malware like Emotet to end user victims. Emotet Threat First off, what is Emotet and how would a hacker benefit from using a compromised website to distribute it? More Info »
5 Malware & Virus Scanning Tools You Need to Check Out
Website malware is no joke. Our own research shows that with WordPress, by far today’s most common content management system (CMS), new infections are on the rise. Even with security researchers working constantly to uncover and remediate website malware, new threats continue to emerge — and today there are nearly 2 billion different types of More Info »
Unmasking Black Hat SEO for Dating Scams
Malware obfuscation comes in all shapes and sizes — and it’s sometimes hard to recognize the difference between malicious and legitimate code when you see it. Recently, we came across an interesting case where attackers went a few extra miles to make it more difficult to notice the site infection. Mysterious wp-config.php Inclusion During the More Info »
Product Update: Sucuri Firewall in Sophia
Sucuri provides security for websites with the protection of our Web Application Firewall (WAF). We also have our proprietary Anycast content delivery network (CDN) that adds the performance benefits of a CDN to all our WAF users. We been adding data centers in key regions of the world: San Jose – US Dallas – US More Info »
Why Hackers Create Phishing Campaigns
Phishing is a malicious attempt to obtain personally identifiable information of a victim. The first thing to keep in mind about phishing is the goal of the attackers. In the first post of this series, we have explained how to recognize a phishing campaign. Today, we will focus on the objectives behind phishing attacks. Why More Info »
Personal Online Privacy – Data & Browser Privacy
Continuing a series on how to strengthen your personal online privacy, we are taking personal inventory of how we connect online. These were themes covered during our webinar on “Security Beyond Your Website: Personal Online Privacy” and during a Twitter conversation (through the #Digiblogchat weekly forum). The first post in this series answers the question: More Info »
5 Website Vulnerability Scanning Tools
Even the most diligent site owners should consider when they had their last website security check. As our own research indicates, infections of the most popular content management systems (CMS) are on the rise. In fact, last year WordPress infections jumped 8%, compared with 2017. That’s why it’s so important to regularly use a website More Info »
