Continuing a series on how to strengthen your personal online privacy, we are taking personal inventory of how we connect online. These were themes covered during our webinar on “Security Beyond Your Website: Personal Online Privacy” and during a Twitter conversation (through the #Digiblogchat weekly forum). The first post in this series answers the question: More Info »
Archive | Security
RSS feed for this section5 Website Vulnerability Scanning Tools
Even the most diligent site owners should consider when they had their last website security check. As our own research indicates, infections of the most popular content management systems (CMS) are on the rise. In fact, last year WordPress infections jumped 8%, compared with 2017. That’s why it’s so important to regularly use a website More Info »
Another Fake Google Domain: fonts.googlesapi.com
Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye. The malicious domain was abusing the URL shortener service is.gd: shortened URLs were being injected into the posts table of the client’s WordPress database. Whenever the infected WordPress page loads, the actual content is obscured More Info »
Website Security Tips for Black Friday & Cyber Monday
Sucuri’s focus has always been on educating website owners about the latest threats and vulnerabilities — and much of that depends on our industry-leading research team. As the holiday season approaches, we asked our researchers what recommendations they had for ecommerce website owners to protect their customers, maintain compliance, and mitigate security risks. What do More Info »
Black Friday/Cyber Monday Ecommerce Security Threats
With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November into the first week of December. As consumer behavior changes and online transactions become favored over traditional retail-store purchases, Black Friday and Cyber Monday are More Info »
How Many Types of Hackers Are There?
If you are a tech savvy person, you may have been called a “hacker” at some point by someone less technical. Maybe you’ve heard of growth hackers and life hacks. These are not the droids we’re looking for. The word “hack” in computer systems goes back to the 1950’s at M.I.T. when the model railroad More Info »
How to Recognize a Phishing Campaign
Phishing attacks and campaigns have always been a hot topic in online security. With many posts tagged as “phishing” on our blog — the first one being over nine years old now — we’ve seen our fair share of phishing attempts. In this post, we’ll cover the signs of a phishing attacks so you can More Info »
Down the Malware Rabbit Hole: Part II
In our last post in this series, we took a look at a code snippet that had been encoded in a very specific way — and hidden 91 layers deep. Today, we’ll reveal how attackers achieve this level of encoding and investigate one of the many possible tools they can use to conceal malware on More Info »
Mixed Content Warnings in Google Chrome
Migrating your website to HTTPS may seem like a simple task. Get the TLS/SSL certificate, install it on your web server, and you’re done. The real pain for large projects, however, is changing http:// resources to https://. These resources include images, videos, sounds, forms, scripts, and CSS files, along with any externally loaded third-party elements like More Info »
Malicious Android Application Used in Phishing Scam
While we deal with a lot of phishing cases, we rarely see mobile applications used as part of a phishing campaign—these apps add a layer of complexity to the process which deters some bad actors from incorporating into their attack. To launch a successful phish with a mobile application, bad actors first need to figure More Info »
