Jekyll2021-04-06T08:10:06+00:00http://stratusclear.com/feed.xmlStratusclearStratusclear Blog Posts.Spotlight on Women in Cybersecurity2019-03-08T10:21:00+00:002019-03-08T10:21:00+00:00http://stratusclear.com/security/website%20security/spotlight-on-women-in-cybersecurity<p><a href="https://blog.sucuri.net/2019/03/spotlight-on-women-in-cybersecurity.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/03/03082019-spotlight-on-women-in-cyber-security_blog-560x263.png" alt="Spotlight on Women in Cybersecurity" align="center" style="margin: 0 auto 20px" /></a></p>
<p>Sucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into working in cybersecurity.</p>
<p>Spotlight on Sucuri Women in Cybersecurity</p>
<p>We have asked some of the women who work at Sucuri 3 questions:</p>
<ol>
<li>What do you do at Sucuri?</li>
<li>How did you decide to work with technology?</li>
<li>What do you think the future looks like for women in cybersecurity?</li>
</ol>
<p><a href="https://blog.sucuri.net/2019/03/spotlight-on-women-in-cybersecurity.html" rel="nofollow">Continue reading Spotlight on Women in Cybersecurity at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=6TDruypkbOk:lLTQqHhRe6A:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/6TDruypkbOk" height="1" width="1" alt="" /></p>sucuri.netSucuri is committed to helping women develop their careers in technology. On International Women’s Day, Sucuri team members share their insights into working in cybersecurity. Spotlight on Sucuri Women in Cybersecurity We have asked some of the women who work at Sucuri 3 questions: What do you do at Sucuri? How did you decide to work with technology? What do you think the future looks like for women in cybersecurity? Continue reading Spotlight on Women in Cybersecurity at Sucuri Blog. </img>How to Add SSL & Move WordPress from HTTP to HTTPS2019-03-06T13:01:00+00:002019-03-06T13:01:00+00:00http://stratusclear.com/google/security/website%20security/wordpress%20security/how-to-add-ssl-move-wordpress-from-http-to-https<p><a href="https://blog.sucuri.net/2019/03/how-to-add-ssl-move-wordpress-from-http-to-https.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/03/03062019-how-to-add-ssl-and-move-wordpress-from-http-to-https_blog-560x263.png" alt="How to Add SSL & Move WordPress from HTTP to HTTPS" align="center" style="margin: 0 auto 20px" /></a></p>
<p>Moving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across the web use WordPress and many of these websites have still not added an SSL certificate.</p>
<p>Why is Important to Have a WordPress SSL Certificate?</p>
<p>SSL has become increasingly important in the past couple of years, not only for securely transmitting information to and from your website, but also to increase visibility and lower the chances of being penalized by website authorities.</p>
<p><a href="https://blog.sucuri.net/2019/03/how-to-add-ssl-move-wordpress-from-http-to-https.html" rel="nofollow">Continue reading How to Add SSL & Move WordPress from HTTP to HTTPS at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=GbIBlRrCNf4:H-vJOEE1-28:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/GbIBlRrCNf4" height="1" width="1" alt="" /></p>sucuri.netMoving a WordPress website from HTTP to HTTPS should be a priority for any webmaster. Recent statistics show that over 33% of website administrators across the web use WordPress and many of these websites have still not added an SSL certificate. Why is Important to Have a WordPress SSL Certificate? SSL has become increasingly important in the past couple of years, not only for securely transmitting information to and from your website, but also to increase visibility and lower the chances of being penalized by website authorities. Continue reading How to Add SSL & Move WordPress from HTTP to HTTPS at Sucuri Blog. </img>Hacked Website Trend Report – 20182019-03-04T12:30:00+00:002019-03-04T12:30:00+00:00http://stratusclear.com/conditional%20malware/google/security/website%20backdoor/website%20security/hacked-website-trend-report-2018<p><a href="https://blog.sucuri.net/2019/03/hacked-website-trend-report-2018.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/03/03042019-website-hacked-trend-report-2018_blog-560x263.png" alt="Hacked Website Trend Report – 2018" align="center" style="margin: 0 auto 20px" /></a></p>
<p>We are proud to be releasing our latest <b>Hacked Website Trend Report </b>for 2018.</p>
<p>This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes the Incident Response Team (IRT) and the Malware Research Team (MRT).</p>
<p>The data presented is based on the analysis of <b>25,168 cleanup requests</b> and summarizes the latest trends by bad actors. We’ve built this analysis from prior reports to identify the latest tactics, techniques, and procedures (TTPs) detected by our Remediation Group.</p>
<p><a href="https://blog.sucuri.net/2019/03/hacked-website-trend-report-2018.html" rel="nofollow">Continue reading Hacked Website Trend Report – 2018 at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=RYPoagVxOxY:Skp5EWytrQ8:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/RYPoagVxOxY" height="1" width="1" alt="" /></p>sucuri.netWe are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team, which includes the Incident Response Team (IRT) and the Malware Research Team (MRT). The data presented is based on the analysis of 25,168 cleanup requests and summarizes the latest trends by bad actors. We’ve built this analysis from prior reports to identify the latest tactics, techniques, and procedures (TTPs) detected by our Remediation Group. Continue reading Hacked Website Trend Report – 2018 at Sucuri Blog. </img>Fake Browser Updates Push Ransomware and Bank Malware2019-02-28T10:39:00+00:002019-02-28T10:39:00+00:00http://stratusclear.com/conditional%20malware/javascript/security/website%20security/wordpress%20security/fake-browser-updates-push-ransomware-and-bank-malware<p><a href="https://blog.sucuri.net/2019/02/fake-browser-updates-push-ransomware-and-bank-malware.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/02/02282019-fake-browser-updates-push-ransomware-and-bank-malware_blog-560x263.png" alt="Fake Browser Updates Push Ransomware and Bank Malware" align="center" style="margin: 0 auto 20px" /></a></p>
<p>Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors.</p>
<p>This is what a typical fake update request looks like:</p>
<p>Users see a message box that says it’s an “Update Center” for your browser type (in my case it’s Firefox, but they also have such messages for Chrome, Internet Explorer and Edge browsers).</p>
<p>The message reads: “<em>A critical error has occurred due to the outdated version of the browser.</em></p>
<p><a href="https://blog.sucuri.net/2019/02/fake-browser-updates-push-ransomware-and-bank-malware.html" rel="nofollow">Continue reading Fake Browser Updates Push Ransomware and Bank Malware at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=ewKHoT_aOD8:Wf861jR_ekc:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/ewKHoT_aOD8" height="1" width="1" alt="" /></p>sucuri.netRecently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request looks like: Users see a message box that says it’s an “Update Center” for your browser type (in my case it’s Firefox, but they also have such messages for Chrome, Internet Explorer and Edge browsers). The message reads: “A critical error has occurred due to the outdated version of the browser. Continue reading Fake Browser Updates Push Ransomware and Bank Malware at Sucuri Blog. </img>Google Analytics and Angular in Magento Credit Card Stealing Scripts2019-02-26T12:30:00+00:002019-02-26T12:30:00+00:00http://stratusclear.com/google/javascript/security/website%20security/google-analytics-and-angular-in-magento-credit-card-stealing-scripts<p><a href="https://blog.sucuri.net/2019/02/google-analytics-and-angular-in-magento-credit-card-stealing-scripts.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/02/02262019-google-analytics-and-angular-in-magento-credit-card-stealing-scripts_blog1-560x263.png" alt="Google Analytics and Angular in Magento Credit Card Stealing Scripts" align="center" style="margin: 0 auto 20px" /></a></p>
<p>Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the <b>Google Analytics</b> name to make them look less suspicious and evade detection by website owners.</p>
<p>The malicious code is obfuscated and injected into legitimate JS files, such as <b>skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js</b>, <b>js/meigee/jquery.min.js</b>, and <b>js/varien/js.js</b>.</p>
<p>The obfuscated code loads another script from <b>www.google-analytics</b><b>[.]cm</b><b>/analytics.js</b>.</p>
<p><a href="https://blog.sucuri.net/2019/02/google-analytics-and-angular-in-magento-credit-card-stealing-scripts.html" rel="nofollow">Continue reading Google Analytics and Angular in Magento Credit Card Stealing Scripts at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=h_nVww4C3g0:sq982X9JWg8:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/h_nVww4C3g0" height="1" width="1" alt="" /></p>sucuri.netOver the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website owners. The malicious code is obfuscated and injected into legitimate JS files, such as skin/frontend/default/theme122k/js/jquery.jscrollpane.min.js, js/meigee/jquery.min.js, and js/varien/js.js. The obfuscated code loads another script from www.google-analytics[.]cm/analytics.js. Continue reading Google Analytics and Angular in Magento Credit Card Stealing Scripts at Sucuri Blog. </img>Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware2019-02-21T12:24:00+00:002019-02-21T12:24:00+00:00http://stratusclear.com/google/phishing/security/website%20security/hackers-use-fake-google-recaptcha-to-cloak-banking-malware<p><a href="https://blog.sucuri.net/2019/02/hackers-use-fake-google-recaptcha-to-cloak-banking-malware.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/02/02212019-hackers-use-fake-google-recaptcha-to-cloak-banking-malware_blog-560x263.png" alt="Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware" align="center" style="margin: 0 auto 20px" /></a></p>
<p>The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques:</p>
<p style="padding-left: 30px"><b>Impersonation</b></p>
<p style="padding-left: 30px">These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS, or social media networks. These campaigns employ various methods including email spoofing, fake or real employee names, and recognized branding to trick users into believing they are from a legitimate source. Impersonation phishing campaigns may also contain a victim’s name, email address, account number, or some other personal detail.</p>
<p><a href="https://blog.sucuri.net/2019/02/hackers-use-fake-google-recaptcha-to-cloak-banking-malware.html" rel="nofollow">Continue reading Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=7A-g8bD4Rvs:TyBdqCElsp8:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/7A-g8bD4Rvs" height="1" width="1" alt="" /></p>sucuri.netThe most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online phishing campaigns impersonate a popular brand or product through specially crafted emails, SMS, or social media networks. These campaigns employ various methods including email spoofing, fake or real employee names, and recognized branding to trick users into believing they are from a legitimate source. Impersonation phishing campaigns may also contain a victim’s name, email address, account number, or some other personal detail. Continue reading Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware at Sucuri Blog. </img>The Importance of Website Logs2019-02-19T11:56:00+00:002019-02-19T11:56:00+00:00http://stratusclear.com/security/website%20security/wordpress%20plugins/wordpress%20security/the-importance-of-website-logs<p><a href="https://blog.sucuri.net/2019/02/the-importance-of-website-logs.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/02/02192019-the-importance-of-website-logs_blog-560x263.png" alt="The Importance of Website Logs" align="center" style="margin: 0 auto 20px" /></a></p>
<p>As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of the reasons why we don’t offer forensic analysis.</p>
<p>Sucuri offers website monitoring, protection, and clean up, but sometimes we go that extra mile and investigate how websites become compromised in the first place. This usually happens when websites become reinfected after a cleanup.</p>
<p>The reinfection itself can be caused by something as simple as a compromised admin user.</p>
<p><a href="https://blog.sucuri.net/2019/02/the-importance-of-website-logs.html" rel="nofollow">Continue reading The Importance of Website Logs at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=c-SJ-3r2FAg:jbBg6TMzbWE:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/c-SJ-3r2FAg" height="1" width="1" alt="" /></p>sucuri.netAs a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of the reasons why we don’t offer forensic analysis. Sucuri offers website monitoring, protection, and clean up, but sometimes we go that extra mile and investigate how websites become compromised in the first place. This usually happens when websites become reinfected after a cleanup. The reinfection itself can be caused by something as simple as a compromised admin user. Continue reading The Importance of Website Logs at Sucuri Blog. </img>Add Security to Your Website Agency Portfolio2019-02-15T07:19:00+00:002019-02-15T07:19:00+00:00http://stratusclear.com/security/website%20security/add-security-to-your-website-agency-portfolio<p><a href="https://blog.sucuri.net/2019/02/add-security-to-your-website-agency-portfolio.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/02/02142019-add-security-to-your-website-agency-portfolio_blog-560x263.png" alt="Add Security to Your Website Agency Portfolio" align="center" style="margin: 0 auto 20px" /></a></p>
<p>As a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How can you convey this message to your customers?</p>
<p>Offering Website Security to Clients</p>
<p>Website security should be part of any web professional’s portfolio. How can you get started talking with your clients about website security?</p>
<p>Here are some ways to approach this topic and have customers onboard with a website security offering.</p>
<p><a href="https://blog.sucuri.net/2019/02/add-security-to-your-website-agency-portfolio.html" rel="nofollow">Continue reading Add Security to Your Website Agency Portfolio at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=6MoSwY0pXhg:fWBKB4nqQkY:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/6MoSwY0pXhg" height="1" width="1" alt="" /></p>sucuri.netAs a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How can you convey this message to your customers? Offering Website Security to Clients Website security should be part of any web professional’s portfolio. How can you get started talking with your clients about website security? Here are some ways to approach this topic and have customers onboard with a website security offering. Continue reading Add Security to Your Website Agency Portfolio at Sucuri Blog. </img>Googlebot or a DDoS Attack?2019-02-12T12:36:00+00:002019-02-12T12:36:00+00:00http://stratusclear.com/google/security/website%20firewall/website%20security/googlebot-or-a-ddos-attack<p><a href="https://blog.sucuri.net/2019/02/googlebot-or-a-ddos-attack.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/01/01312019-googlebot-or-a-ddos-attack_blog-560x263.png" alt="Googlebot or a DDoS Attack?" align="center" style="margin: 0 auto 20px" /></a></p>
<p>A bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repetitive tasks we do. There are legitimate bots and malicious ones. A Web Application Firewall (WAF) filters the web traffic and blocks any malicious bots, letting the good ones pass.</p>
<p><strong>Googlebot</strong> is Google’s web crawling bot. Google uses it to discover new and updated pages to be added to the search engine index.</p>
<p><a href="https://blog.sucuri.net/2019/02/googlebot-or-a-ddos-attack.html" rel="nofollow">Continue reading Googlebot or a DDoS Attack? at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=SN9jCi53dD8:Fw6l1ljaS8I:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/SN9jCi53dD8" height="1" width="1" alt="" /></p>sucuri.netA bot is a software application that uses automation to run scripts on the internet. Also called crawlers or spiders, these guys take on the simple yet repetitive tasks we do. There are legitimate bots and malicious ones. A Web Application Firewall (WAF) filters the web traffic and blocks any malicious bots, letting the good ones pass. Googlebot is Google’s web crawling bot. Google uses it to discover new and updated pages to be added to the search engine index. Continue reading Googlebot or a DDoS Attack? at Sucuri Blog. </img>The Anatomy of Website Malware: An Introduction2019-02-07T12:11:00+00:002019-02-07T12:11:00+00:00http://stratusclear.com/security/website%20security/the-anatomy-of-website-malware-an-introduction<p><a href="https://blog.sucuri.net/2019/02/the-anatomy-of-website-malware-an-introduction.html"><img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2019/02/02052019-anatomy-of-malware_blog-560x263.png" alt="The Anatomy of Website Malware: An Introduction" align="center" style="margin: 0 auto 20px" /></a></p>
<p>We see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website malware.</p>
<p>Are you interested in how backdoors, injectors, hacktools, or spam redirectors look and operate on a website? I’ll be covering these topics (and many others) in my upcoming articles.</p>
<p><a href="https://blog.sucuri.net/2019/02/the-anatomy-of-website-malware-an-introduction.html" rel="nofollow">Continue reading The Anatomy of Website Malware: An Introduction at Sucuri Blog.</a></p>
<div class="feedflare">
<a href="http://feeds.feedburner.com/~ff/sucuri/blog?a=QblnIgPQWWA:cGXuHBb7Cfk:yIl2AUoC8zA"><img src="http://feeds.feedburner.com/~ff/sucuri/blog?d=yIl2AUoC8zA" border="0" /></img></a>
</div>
<p><img src="http://feeds.feedburner.com/~r/sucuri/blog/~4/QblnIgPQWWA" height="1" width="1" alt="" /></p>sucuri.netWe see a lot of files infected by website malware on a daily basis here at Sucuri Labs. What we don’t see is very many categories of infections. The purpose of this blog post series is to provide an overview of the most common infection categories and types of website malware. Are you interested in how backdoors, injectors, hacktools, or spam redirectors look and operate on a website? I’ll be covering these topics (and many others) in my upcoming articles. Continue reading The Anatomy of Website Malware: An Introduction at Sucuri Blog. </img>