Continuing a series on how to better strengthen your personal online privacy, we are looking to take personal inventory of how we connect online. These were themes covered during our webinar “Security Beyond Your Website: Personal Online Privacy” and in a Twitter conversation (through the #Digiblogchat weekly forum) on this same topic. The first posts More Info »
Archive | Security
RSS feed for this sectionFake AmeriCommerce Shopping Cart
Our malware analyst Liam Smith recently found malware on a client’s site that targets ecommerce sites powered by AmeriCommerce software. A popular ecommerce software solution that allows users to run multiple carts with a single admin user, AmeriCommerce product pages typically include an HTML form with the information about the item and an Add to More Info »
Malicious JavaScript Used in WP Site/Home URL Redirects
Our team recently found a malicious JavaScript injection within the WordPress index.php theme file on a compromised WordPress website which ultimately redirects site visitors to a survey-for-gifts scam website. At this time of writing, we have seen over two thousand new infected sites since we started tracking this infection. The injection seen below is used More Info »
Zen Cart “PayPal” Skimmer
While we mostly see skimmers on Magento based websites, this does not mean that less-popular ecommerce platforms are safe from infections with similar payment information stealing malware. Our security analyst Christopher Morrow recently found an injection on a lesser known open source ecommerce platform named Zen Cart, which itself is a fork from the older More Info »
Authentication Bypass Vulnerability in InfiniteWP Client
An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server. Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as More Info »
Top 10 Sucuri Research Articles in 2019
As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides valuable lessons for the future. With that thought in mind, we asked our researchers to choose their favorite blog posts from 2019. If your New Year’s resolution for 2020 is More Info »
What is Cross-Site Contamination?
How many websites do you currently have on your server? If the answer is something along the lines of, “One that I really care about, some older ones that I don’t really use, and maybe a dev site that could be live…” then you might want to familiarize yourself with the concept of cross-site contamination. More Info »
Why 2FA SMS is a Bad Idea
Two-factor authentication (2FA) brings an extra layer of security that passwords alone can’t provide. Requiring an extra step for a user to prove their identity reduces the chance of a bad actor gaining access to data. One of the most common methods of 2FA is SMS text messages. The problem is that SMS is not More Info »
Raising Awareness: SiteGround Spotlight
As a company that’s dedicated to providing high-quality website security, we like to partner with like-minded companies that understand how important this is. Website security doesn’t normally the cross the minds of bloggers and small business owners. It’s just not a big deal to most until it’s too late. So, we like to partner with More Info »
CCPA: Sucuri’s Commitment to Protecting Your Data
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we’re fully committed to complying with the requirements of the California Consumer Privacy Act (CCPA) along with other global data protection laws and regulations. The CCPA went into effect Jan. 1, 2020, and we’ve updated our Privacy Policy and More Info »
