Web Security

  • New Non-HTTPS Websites Blacklisted for Phishy Password Practices (26 May 2017)

    We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that attempts to trick users into revealing sensitive information.

    For the past couple of months we have noticed that the number of websites blacklisted with Deceptive Content warnings has increased for no apparent reason. The sites were clean, and there were no external resources loading on the website.

    Continue reading New Non-HTTPS Websites Blacklisted for Phishy Password Practices at Sucuri Blog.

  • Personal Security Guide – Online Accounts (23 May 2017)

    In our last post on browser security, we talked about how developing a broader security mindset can help keep your website safe. By taking steps to secure your online accounts you can prevent hackers from gaining unauthorized access to your website. There are a number of ways that compromised accounts can leave you exposed to a website security incident – including but not limited to – your email, registrar, hosting company, repositories, and even social media accounts.

    Continue reading Personal Security Guide – Online Accounts at Sucuri Blog.

  • Personal Security Guide – Web Browsers (19 May 2017)

    If your computer is infected, malware can spread to your website through text editors and FTP clients. Weak passwords are also vulnerable to brute force attacks, and using unsecured networks to access the internet can leave you exposed to hackers.

    As a website owner, you have to consider the broader impacts of your overall security posture. Practicing security in every aspect of digital communication will ultimately protect you, your website and visitors.

    This post is the first in a series of personal security guides that can be used to strengthen your online defenses.

    Continue reading Personal Security Guide – Web Browsers at Sucuri Blog.

  • SQL Injection Vulnerability in Joomla! 3.7 (17 May 2017)

    During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7 – CVE-2017-8917. The vulnerability is easy to exploit and doesn’t require a privileged account on the victim’s site.

    Are You at Risk?

    The vulnerability is caused by a new component, com_fields, which was introduced in version 3.7. If you use this version, you are affected and should update as soon as possible. This vulnerable component is publicly accessible, which means this issue can be exploited by any malicious individual visiting your site.

    Continue reading SQL Injection Vulnerability in Joomla! 3.7 at Sucuri Blog.

  • Website Availability and Security When Migrating Hosts (12 May 2017)

    Website security is a continuous process. It’s not something that should be turned on when the time is right; rather, it should be integrated into the full scope of how you deploy a website, maintain it, and ensure the safety of your visitors.

    At Sucuri, we protect websites with a wide range of website configurations, including business owners with a single website, multi-site WordPress installations, and web agencies who work with a number of clients. One of the biggest concerns for all of them – and an often overlooked aspect of security – is availability or downtime.

    Continue reading Website Availability and Security When Migrating Hosts at Sucuri Blog.

  • Fake WordPrssAPI Stealing Cookies and Hijacking Sessions (9 May 2017)

    Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session. Without cookies, a user would need to log in to authenticate every action they take. Essentially, cookies keep a user logged in until they either log out or the cookie expires.

    Cookie Stealing and Session Hijacking

    If an attacker is able to steal active cookies, the attacker can pretend to be that user and perform any actions the user has permissions to perform.

    Continue reading Fake WordPrssAPI Stealing Cookies and Hijacking Sessions at Sucuri Blog.

  • Introducing the New Sucuri Customer Dashboard (4 May 2017)

    Over the course of the last year, our teams have been getting creative and making a collaborative effort to improve the experience of our customer dashboard.

    Website security is multifaceted and we understand the logistical complexities of managing multiple sites. That’s why we are continually brainstorming ways to make the management of your website security tools more streamlined. As always, your suggestions are greatly appreciated. Thank you for helping us create a better product each day.

    Continue reading Introducing the New Sucuri Customer Dashboard at Sucuri Blog.

  • Labs Notes Recap – Apr/2017 (2 May 2017)

    This month, our Malware Research and Incident Response teams wrote about several malware techniques that attempt to evade detection by focusing on small changes that website owners might miss. Examples include typos in domain names, unused top-level domains (i.e. .com, .solutions), and delayed banner ads.

    Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past monthly recaps to catch up on trends we look at every month.

    Continue reading Labs Notes Recap – Apr/2017 at Sucuri Blog.

  • Sucuri Firewall Dashboard Update (27 April 2017)

    If you are a customer of ours, you may have noticed the recent updates we’ve made to our dashboard. These changes enhance your ability to manage the Sucuri Firewall and view detailed reports on the attacks being blocked from accessing your site. The dashboard has a new layout that improves the navigation, clarity and usability of the product.

    If you’re not familiar with our firewall, it’s a cloud-based Website Application Firewall (WAF) and Intrusion Prevention System (IPS).

    Continue reading Sucuri Firewall Dashboard Update at Sucuri Blog.

  • How to Use Splunk with Sucuri Audit Trails (25 April 2017)

    The Sucuri Firewall dashboard provides a rich set of API functions that can be used to control your firewall settings remotely. In addition, there is an API function to download your Audit Trails in JSON format.

    The audit trail is a list of blocked requests that the firewall performed on your behalf to keep your site safe. While it’s possible to view your audit trails in your Sucuri dashboard, you can get even more powerful analysis and comparison when you load them into Splunk.

    Continue reading How to Use Splunk with Sucuri Audit Trails at Sucuri Blog.

  • Ask Sucuri: What is the Principle of Least Privilege? (21 April 2017)

    If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle which has applications and benefits to strengthen your website security posture.

    This principle is about:

    • Using the minimal set of privileges on a system in order to perform an action.
    • Granting those privileges only for the time the action is necessary.

    Access Control Example

    If you hire a gardener, you grant them access to your yard – not your bedroom, living room or your home office.

    Continue reading Ask Sucuri: What is the Principle of Least Privilege? at Sucuri Blog.