- E-Commerce Security – Planning for Disasters (20 September 2018)
This is the last post in our series on E-commerce Security:
- Intro to Securing an Online Store – Part 1
- Intro to Securing an Online Store – Part 2
Today, let’s expand on some of the suggestions made during a webinar I hosted recently about steps you can take to secure your online store.
So far in this series, we have touched on how to identify potential risks and how to defend against threats via WAF technologies.
- Backdoor Uses Paste Site to Host Payload (18 September 2018)
Finding backdoors is one of the biggest challenges for a website security analyst, as backdoors are designed to stay hidden in case the rest of the malware is found and removed.
A backdoor is a piece of malware that attackers leave behind to allow them access back into a website. Hackers like to inject code into different locations to increase their chances of retaining control of the website so they can reinfect it continuously.
- Outdated Duplicator Plugin RCE Abused (14 September 2018)
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting their wp-config.php file.
These cases are all linked to the same vulnerable software: the WordPress Duplicator Plugin.
Versions lower than 1.2.42 of the Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where a malicious visitor is able to run arbitrary code on the target site.
- Unsuccessfully Defaced Websites (13 September 2018)
What is a Defacement?
Website defacement is a hack that often involves adding malicious images to the website homepage and other important pages. Beyond the initial embarrassment, the effects of defacement can include loss of traffic, revenue, and trust in your brand.
- New Guide on How to Use the Sucuri WordPress Security Plugin (11 September 2018)
Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for WordPress, and have maintained a free WordPress security plugin with over 400k installations.
If you don’t already have it, you can download the Sucuri Security – Auditing, Malware Scanner and Security Hardening plugin directly from the official WordPress repository.
Recently, we launched a guide on How to Use the WordPress Security Plugin.
- PCI for SMB: Requirement 5 & 6 – Maintain a Vulnerability Management Program (6 September 2018)
This is the fourth post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We want to show how PCI DSS can help anyone going through the compliance process using the PCI SAQs (Self-Assessment Questionnaires). In the previous articles we have written about PCI, we covered the following:
- Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.
- WordPress Database Upgrade Phishing Campaign (4 September 2018)
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks like this:
The email’s appearance resembles that of a legitimate WordPress update message; however, the content includes typos and uses an older messaging style. Another suspicious item in the content is the deadline. WordPress wouldn’t define deadlines without a valid explanation, and neither would hosting providers (if you believed the email was from them).
- How to Improve Your Website Security Posture – Part II (30 August 2018)
In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part of a good website posture. However, it is also important to be aware of what to do to strengthen your website.
Today, we are going to give you some practical tips on how to improve your website posture.
We highly recommend that website owners apply the principle of least privilege. It is a computer science principle that can be applied at every level of a system, and its benefits strengthen your website security posture.
- Core Integrity Verifications (28 August 2018)
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques, including whitelists, blacklists, and anomaly checks. In this blog post, we’re going to focus on how core integrity checks are a key component of the whitelisting model and how this aids in effectively detecting malware.
Cryptographic Hash Functions and Checksums
When a website compromise happens, attackers add, modify, or delete files from the server.
- Fake Font Dropper (24 August 2018)
Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate the unusual website behavior in order to understand how new infections work. In this case, the odd behavior was the website’s pop-up window claiming there was a missing font.
The Unwanted Popup Window
A website owner reached out to us to investigate the error displaying on their site. The popup window informed the visitors that they were unable to view the content of the site because their computers were missing a font called “HoeflerText”:
The malware tries to trick visitors into clicking the “Update” button to download a malicious file called Font_Update.exe.
Earlier this year, we wrote about a wave of WordPress infections involving malicious plugins that inject obfuscated scripts, creating unwanted pop-up/pop-unders which serve unwanted ads.
- Massive WordPress Redirect Campaign Targets Vulnerable tagDiv Themes and Ultimate Member Plugins (22 August 2018)
This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites.
When redirected, users see annoying pages with random utroro[.]com addresses and fake reCAPTCHA images. The messages and content try to convince visitors to verify and subscribe to browser notifications without disclosing the purpose of this behavior.
Alternative redirect URLs include:
The injected malware involves a script from one of the following two sites: cdn.eeduelements[.]com and cdn.allyouwant[.]online.