To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection, Broken Authentication, Sensitive data exposure, XML External Entities (XXE), Broken Access control, Security misconfigurations, Cross-Site Scripting (XSS), Insecure More Info »
How to Prevent Cross-Site Contamination for Beginners
What is Cross-Site Contamination? Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it as your kid in daycare catching the flu: next thing you know, everybody in the family has it as well. The same happens with websites. A site can be negatively affected by neighboring sites More Info »
New Year Tips from Security Professionals
Have you included website security as a part of your new year’s resolutions for 2019? Here is a quick retrospective on tips some of our team members shared with us throughout the year. The cost for neglecting security is 10 times greater than the effort to keep it safe. Your brand value takes 10 times More Info »
My Website Was Hacked on Christmas Eve
Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but not all of them have a present to open. This is why our family started a charity project in 2007 called the Shoebox Project. A few years later, my More Info »
Sucuri Named December 2018 Gartner Customers’ Choice for Web Application Firewalls
The Sucuri team is excited to announce that we have been recognized as a December 2018 Gartner Peer Insights Customers’ Choice for the Sucuri Firewall. Our team takes great pride in this distinction, as customer feedback continues to shape our products and services. In its announcement, Gartner explains, “The Gartner Peer Insights Customers’ Choice is More Info »
Clever SEO Spam Injection
It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website. The Traditional Approach There are two common approaches attackers use to inject SEO spam on websites: Injecting HTML More Info »
Naughty or Nice Websites
Santa Claus is coming! Was your website naughty or nice this year? Here is a quick checklist of the top 10 bad things that can harm your website security and the top 10 good things that can improve your website security. Naughty Websites List If your website falls into any of these categories, this is More Info »
OWASP Top 10 Security Risks – Part III
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection, Broken Authentication, Sensitive data exposure, XML External Entities (XXE), Broken Access control, Security misconfigurations, Cross Site Scripting More Info »
Fake Volkswagen Campaign Spreads Through Social Networks
We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offering 20 free cars until the end of the year, and directs users to participate on a site that has been apparently crafted especially for this “event”. After an initial investigation, it became More Info »
Localization and Customization of Credit Card Stealing Malware
Credit card stealing malware is becoming more and more customized. We’ve been regularly seeing injected scripts with URLs that either mimic or include a portion of the victim’s site domain. Sometimes the injected code also references the victim’s site. Recently, we’ve come across another level of customization. Fake Payment Form in Bulgarian A compromised Magento More Info »