Call Us Today at 1-403-291-9811 or 1-866-291-3857

Web Security

  • Zen Cart “PayPal” Skimmer 17 January 2020 Zen Cart “PayPal” Skimmer

    While we mostly see skimmers on Magento based websites, this does not mean that less-popular ecommerce platforms are safe from infections with similar payment information stealing malware.

    Our security analyst Christopher Morrow recently found an injection on a lesser known open source ecommerce platform named Zen Cart, which itself is a fork from the older OsCommerce. Credit card skimmers are not found as often for Zen Cart. This is because the Zen Cart user base is quite small (0.1%) when compared to other open source platforms like Magento (0.8%) or Prestashop (0.6%) – according to W3’s latest information.

    Continue reading Zen Cart “PayPal” Skimmer at Sucuri Blog.

  • Authentication Bypass Vulnerability in InfiniteWP Client 16 January 2020 Authentication Bypass Vulnerability in InfiniteWP Client

    An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This plugin allows site owners to manage multiple websites from one central server using the InfiniteWP Server.

    Due to the nature of this plugin, this is a serious vulnerability that should be patched as soon as possible to mitigate risk. InfiniteWP users can update their plugin with the latest version 1.9.4.5.

    Continue reading Authentication Bypass Vulnerability in InfiniteWP Client <= 1.9.4.4  at Sucuri Blog.

  • Top 10 Sucuri Research Articles in 2019 14 January 2020 Top 10 Sucuri Research Articles in 2019

    As we settle into 2020, it’s a good time to look back at what was learned in the previous year. After all, the past provides valuable lessons for the future.

    With that thought in mind, we asked our researchers to choose their favorite blog posts from 2019. If your New Year’s resolution for 2020 is to beef up your cybersecurity, these articles can get you up to speed.

    1. How to Know If You Are Under a DDoS Attack

    By 2019, it’s likely most internet users are familiar with Distributed Denial of Services (DDoS) attacks.

    Continue reading Top 10 Sucuri Research Articles in 2019 at Sucuri Blog.

  • What is Cross-Site Contamination? 9 January 2020 What is Cross-Site Contamination?

    How many websites do you currently have on your server? If the answer is something along the lines of,  “One that I really care about, some older ones that I don’t really use, and maybe a dev site that could be live…” then you might want to familiarize yourself with the concept of cross-site contamination.

    What Is Cross-Site Contamination?

    Babies in daycare are more prone to picking up germs than babies who stay home most of the day.

    Continue reading What is Cross-Site Contamination? at Sucuri Blog.

  • Why 2FA SMS is a Bad Idea 7 January 2020 Why 2FA SMS is a Bad Idea

    Two-factor authentication (2FA) brings an extra layer of security that passwords alone can’t provide. Requiring an extra step for a user to prove their identity reduces the chance of a bad actor gaining access to data.

    One of the most common methods of 2FA is SMS text messages. The problem is that SMS is not a secure medium. Hackers have several tools in their arsenal that can intercept, phish, and spoof SMS. Despite this security flaw and better options for authentication, SMS-based 2FA is still used by several institutions.

    Continue reading Why 2FA SMS is a Bad Idea at Sucuri Blog.

  • Raising Awareness: SiteGround Spotlight 6 January 2020 Raising Awareness: SiteGround Spotlight

    As a company that’s dedicated to providing high-quality website security, we like to partner with like-minded companies that understand how important this is.

    Website security doesn’t normally the cross the minds of bloggers and small business owners. It’s just not a big deal to most until it’s too late. So, we like to partner with companies that can point those people in the right direction when they need us.

    SiteGround: Hosting 2 Million Websites

    SiteGround is one of the most well-known and respected web hosting companies in the world.

    Continue reading Raising Awareness: SiteGround Spotlight at Sucuri Blog.

  • CCPA: Sucuri’s Commitment to Protecting Your Data 2 January 2020 CCPA: Sucuri’s Commitment to Protecting Your Data

    Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we’re fully committed to complying with the requirements of the California Consumer Privacy Act (CCPA) along with other global data protection laws and regulations.

    The CCPA went into effect Jan. 1, 2020, and we’ve updated our Privacy Policy and Cookie Policy to meet these new compliance requirements. There is a six-month grace period for businesses to adjust their websites, processes, and policies before enforcement.

    Continue reading CCPA: Sucuri’s Commitment to Protecting Your Data at Sucuri Blog.

  • The Anatomy of Website Malware Part 2: Credit Card Stealers 30 December 2019 The Anatomy of Website Malware Part 2: Credit Card Stealers

    One of the biggest malicious trends in the last few months and years are credit card stealers — also commonly referred to as credit card skimmers or cc stealers.

    In the second part of this Website Malware Anatomy series, I’m going to deconstruct several skimmers and show you what they look like, where they are hiding, and how they work.

    What Are Credit Card Stealers?

    When a website gets infected, website owners often ask “WHY?!” — this is especially the case with “invisible” malware types like backdoors and similar attacks where the infection’s purpose is not clear.

    Continue reading The Anatomy of Website Malware Part 2: Credit Card Stealers at Sucuri Blog.

  • How Passwords Get Hacked 26 December 2019 How Passwords Get Hacked

    How many passwords do you use in a given day?

    Everything on the internet requires a password. It can be tough to keep track of them all and keep coming up with strong passwords. For proof, listen to the grumblings in most office buildings on the day passwords are set to expire.

    The disdain for passwords leads to a lot of bad password practices. This includes reusing passwords or keeping them basic.

    Continue reading How Passwords Get Hacked at Sucuri Blog.

  • 5 Year Anniversary of the SoakSoak Malware Tsunami 19 December 2019 5 Year Anniversary of the SoakSoak Malware Tsunami

    This is a story about the SoakSoak malware campaign that proved that you can’t underestimate impact of security issues in popular premium software.

    These days, the majority of popular content management systems are 100% free: WordPress, Magento, Joomla, Drupal, etc. Moreover, most CMS extensions are also free. In fact, modern webmasters can build any type of site entirely through free software. Most popular software has thousands — or even millions — of installations.

    Continue reading 5 Year Anniversary of the SoakSoak Malware Tsunami at Sucuri Blog.

  • How Websites Are Used to Spread Emotet Malware 18 December 2019 How Websites Are Used to Spread Emotet Malware

    In past posts, we’ve discussed the more popular reasons why hackers target smaller websites. Today, we’ll focus instead on how hackers use compromised websites to spread dangerous malware like Emotet to end user victims.

    Emotet Threat

    First off, what is Emotet and how would a hacker benefit from using a compromised website to distribute it?

    Emotet is a popular trojan that originally targeted financial data on devices it infected. In recent years, it has shifted to a modular information stealer which allows it to act as a malware dropper.

    Continue reading How Websites Are Used to Spread Emotet Malware at Sucuri Blog.