Call Us Today at 1-403-291-9811 or 1-866-291-3857

Web Security

  • Risks For E-commerce Site Owners Through the Holidays 22 November 2017 Risks For E-commerce Site Owners Through the Holidays

    Shopping season is here, and with that, so is the opportunity for ecommerce site owners to grow their revenue and reputation. However, hackers are also busy infecting ecommerce websites with malware, such as:

    • Credit Card Swipers
    • Malicious Payment Gateways
    • Malware Downloads

    Now is the time when attackers target those last-minute shoppers buying products online.

    Over the last few years, it has become increasingly popular for attackers to execute credit card fraud against ecommerce shoppers generating big money by abusing and selling stolen customer information.

    Continue reading Risks For E-commerce Site Owners Through the Holidays at Sucuri Blog.

  • How to Avoid Malicious Cyber Monday Campaigns 15 November 2017 How to Avoid Malicious Cyber Monday Campaigns

    As consumers prepare to take advantage of the discounts and promotions for the Black Friday and Cyber Monday ecommerce holidays, bad actors are crafting fraudulent websites, phishing, and malware campaigns to capitalize on the profits.

    In past years, targeted Cyber Monday phishing emails posed a huge risk to consumers. These emails, designed to appear from a legitimate company or online retailer, often redirected recipients to a fake website where they request PINs or other sensitive financial information and can potentially lead to identity theft or fraudulent transactions.

    Continue reading How to Avoid Malicious Cyber Monday Campaigns at Sucuri Blog.

  • SQL Injection in bbPress 13 November 2017 SQL Injection in bbPress

    During regular audits of our Sucuri Firewall (WAF), one of our researchers at the time, Slavco Mihajloski, discovered an SQL Injection vulnerability affecting bbPress. If the proper conditions are met, this vulnerability is very easy to abuse by any visitors on the victim’s website.

    Because details about this vulnerability have been made public today on a Hackerone report, and updating to the latest version of WordPress fixes the root cause of the problem, we chose to disclose this bug and make the details public.

    Continue reading SQL Injection in bbPress at Sucuri Blog.

  • Why Attackers Hack Small Sites 8 November 2017 Why Attackers Hack Small Sites

    You would never leave the front door to your house wide open when you’re not home would you? Doing so would allow criminals to seize the opportunity of stealing your valuables. That’s the same way you can look at website hacking. Leaving your website unprotected is like establishing an open-door policy with hackers, giving them access to view sensitive information and modify your website content.

    Hackers view your site as a possible tool for their end purpose.

    Continue reading Why Attackers Hack Small Sites at Sucuri Blog.

  • New WordPress Security Guide 3 November 2017 New WordPress Security Guide

    WordPress has become the most popular CMS and now powers over 28% of the web. With over 60 million downloads, its popularity makes it a prime target for malicious hackers that are looking for vulnerabilities to exploit. If an attacker is able to gain unauthorized access into an insecure website, they can leverage valuable resources for malware or spam campaigns, harming a website’s visitors and reputation.

    Our new guide is intended to educate WordPress administrators on basic security techniques and steps to help improve your security posture.

    Continue reading New WordPress Security Guide at Sucuri Blog.

  • Cryptominers on Hacked Sites – Part 2 25 October 2017 Cryptominers on Hacked Sites – Part 2

    Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised sites without the consent of the website owners.

    We reviewed two types of infections that affected WordPress and Magento sites, and have been monitoring the malicious use of the CoinHive cryptominer. What we are discovering is that there are more and more attacks in the wild using cryptominers, which affects all major CMS platforms.

    Continue reading Cryptominers on Hacked Sites – Part 2 at Sucuri Blog.

  • Malware Serving SEO Spam from External Sites 18 October 2017 Malware Serving SEO Spam from External Sites

    We handle an enormous number of SEO spam infections here at Sucuri. In Q3 of 2016, approximately 37% of all website infection cases were related to SEO spam campaigns through PHP, database injections or .htaccess redirects.

    An SEO spam infection can be devastating to a website’s credibility and reputation. Many website owners recognize and appreciate the enormous effort involved in carefully creating and optimizing pages for search engines. Unfortunately, attackers don’t care about the size of your website – even if you’ve just started out, you can still be targeted for quick, cheap SEO.

    Continue reading Malware Serving SEO Spam from External Sites at Sucuri Blog.

  • Mayhem Malware Server Botnet Continues to Evolve 12 October 2017 Mayhem Malware Server Botnet Continues to Evolve

    Three years ago, researchers at Yandex discovered a complex server infection, dubbed Mayhem, that embeds itself deep within a system by compiling a shared object and running as a service. This also allows the malware to operate under restricted privileges, and is difficult to clean up effectively – even if an infected site gets restored from a backup, the malware would still be there.

    Mayhem is essentially a malicious bot for web servers.

    Continue reading Mayhem Malware Server Botnet Continues to Evolve at Sucuri Blog.

  • Credit Card Stealer Investigation Uncovers Malware Ring 10 October 2017 Credit Card Stealer Investigation Uncovers Malware Ring

    During a recent investigation, I found a new piece of malicious code being used to steal credit card information from compromised Magento sites.

    What I didn’t know was how many domains would be uncovered as part of the malware campaign. Each of the malicious domain names was specifically chosen to appear as legitimate as possible to the website owner. The hosting provider used for these domains also turned out to be used for much more.

    Continue reading Credit Card Stealer Investigation Uncovers Malware Ring at Sucuri Blog.

  • Website Hosting: Security Awareness Can Reduce Costs 3 October 2017 Website Hosting: Security Awareness Can Reduce Costs

    Website hosting security has matured in recent years. Naturally, the types of security issues have changed because of it. For example, cross-contamination over multiple shared hosting accounts used to be a major problem for large website hosting providers,  but this isn’t really a huge threat today. However, malware attacks and other website security-related issues at the account level, are still very real problems. Just ask anyone who has had their website defaced, redirected, or abused in phishing attacks.

    Continue reading Website Hosting: Security Awareness Can Reduce Costs at Sucuri Blog.

  • Fake Plugins, Fake Security 28 September 2017 Fake Plugins, Fake Security

    Update: The plugin name is fake and has nothing to do with the well-known WP-SpamShield plugin in the official WordPress plugin repository.

    WordPress users are becoming increasingly more aware of security threats and as a result, they are taking more actions to secure their websites (e.g. by installing security plugins). While this is a good thing, there are always black hats trying to take advantage of new opportunities to compromise websites.

    Continue reading Fake Plugins, Fake Security at Sucuri Blog.