To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection Broken Authentication Sensitive data exposure XML External Entities (XXE) Broken Access control Security misconfigurations Cross Site Scripting More Info »
Archive | Security
RSS feed for this sectionFake Volkswagen Campaign Spreads Through Social Networks
We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offering 20 free cars until the end of the year, and directs users to participate on a site that has been apparently crafted especially for this “event”. After an initial investigation, it became More Info »
Localization and Customization of Credit Card Stealing Malware
Credit card stealing malware is becoming more and more customized. We’ve been regularly seeing injected scripts with URLs that either mimic or include a portion of the victim’s site domain. Sometimes the injected code also references the victim’s site. Recently, we’ve come across another level of customization. Fake Payment Form in Bulgarian A compromised Magento More Info »
Using Innocent Roles to Hide Admin Users
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles. The way the capabilities are handled on WordPress makes it quite easy to change what each role is allowed More Info »
What is Phishing?
Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent email from what seemed to be your bank or even seen the hacking that took place during the 2016 US presidential election. But what do you know about phishing? More Info »
Fear, Uncertainty, and Doubt
There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and doubt. This practice is widespread in the computer/IT industries at large, but is especially present in the security industry. People don’t want to get hacked—but may also not understand the issues and forces More Info »
Navigating Data Responsibility
As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made available to everyone. Moving forward, there’s no reason to expect data availability to slow down. In fact, insideBIGDATA claims: There are many sources that predict exponential data More Info »
A Scam-Free Cyber Monday for Online Businesses
Every year we see an increase in website attacks during the holidays. While business owners see their sales go up due to promotional Black Friday and Cyber Monday campaigns, hackers are in the background working nonstop to create malicious, fraudulent websites as well as take advantage of legitimate ones. Main Cyber Monday Threats Phishing Pages One More Info »
PCI for SMB: Requirement 9 – Implement Strong Access Control Measures
Welcome to the sixth post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles written about PCI, we covered the following: Requirement 1: Build and Maintain More Info »
Real-Time Fine-Tuning of the WAF via API
Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an API. For instance, there’s a specific filter inside the WAF dashboard called Emergency DDoS. This filter basically increases the strength of the DDoS protection to an “emergency” level where More Info »
