
Web Security

  • Mixed Content Warnings in Google Chrome (14 November 2019)

    Migrating your website to HTTPS may seem like a simple task. Get the TLS/SSL certificate, install it on your web server, and you’re done.

    The real pain for large projects, however, is changing http:// resources to https://. These resources include images, videos, sounds, forms, scripts, and CSS files, along with any externally loaded third-party elements like tracking, ads, and widgets.

    If an HTTPS page includes any of these elements served over the HTTP protocol, they are passed unencrypted from your web server to a visitor’s browser.

    Continue reading Mixed Content Warnings in Google Chrome at Sucuri Blog.

  • Malicious Android Application Used in Phishing Scam (13 November 2019)

    While we deal with a lot of phishing cases, we rarely see mobile applications used as part of a phishing campaign—these apps add a layer of complexity to the process which deters some bad actors from incorporating them into their attack.

    To launch a successful phish with a mobile application, bad actors first need to figure out a way to distribute the app without an official source. They also need to figure out how to trick users into accepting permissions to run it on the device.

    Continue reading Malicious Android Application Used in Phishing Scam at Sucuri Blog.

  • Why Reinfections Happen with a WAF (11 November 2019)

    A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect against threats over HTTP/HTTPS, the website can still be hacked from the inside.

    Cross-site Contamination

    One common way that websites get reinfected is through cross-site contamination, which can occur even when a website is behind a firewall.

    Cross-site contamination happens when one website is infected and the malware copies itself into other directories, infecting all sites on the same server.

    Continue reading Why Reinfections Happen with a WAF at Sucuri Blog.

  • Vulnerable Versions of Adminer as a Universal Infection Vector (9 November 2019)

    This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables.

    This is still the same ongoing campaign that we’ve been following for the past few years, where site visitors are redirected to various kinds of scam landing pages—including tech support scams, fake lottery wins, and malicious browser notifications.

    Continue reading Vulnerable Versions of Adminer as a Universal Infection Vector at Sucuri Blog.

  • Skimmers for Both Magento and WordPress (7 November 2019)

    We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS.

    When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in the ecommerce segment. There are numerous popular plugins that can easily turn a WordPress site into a full-featured online store. In fact, WooCommerce alone has over 5 million installations.

    Credit Card Skimmer Injected in WordPress Core

    Our friend Salvador Aguilar over at Kinsta recently shared a few samples of malware found in the WordPress core files wp-includes/js/wp-util.min.js and wp-includes/js/admin-bar.min.js.

    Continue reading Skimmers for Both Magento and WordPress at Sucuri Blog.

  • Magento 1 End of Life (6 November 2019)

    It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any ecommerce business. When you consider the popularity of the Magento ecommerce platform, it’s easy to see how their announcement of the Magento 1 end of life could leave a significant portion of ecommerce retailers scrambling for new solutions.

    That might sound dire, but we’re here to lay out the essential facts — and look at a way to extend that looming end-of-life deadline.

    Continue reading Magento 1 End of Life at Sucuri Blog.

  • Pharma Spam Redirects to .su & .eu Sites (4 November 2019)

    We regularly clean all sorts of black hat SEO infections. During these infection cleanups, we often find compromised websites redirecting visitors to fake “Canadian Pharmacy” landing pages selling counterfeit men’s health pills from various .su and .eu top-level domains.

    Spammy Redirect File Names & Contents 

    These SEO infections usually come in the form of files containing random file names, like the ones seen below.

    garbagesjz.php
    appreciablyx.php
    hooverizez.php
    germaniazd.php
    taxicabsxt.php
    crackingyo.php
    breathedy.php
    robelq.php
    scowlingg.php
    knifedp.php
    paleozoicg.php
    waterproofingve.php
    wp-content/reverencet.php
    ...

    Continue reading Pharma Spam Redirects to .su & .eu Sites at Sucuri Blog.

  • Halloween Tales of the IoT Crypt (31 October 2019)

    In the spirit of Halloween, we bring you some of the scariest internet of things (IoT) hacks that we have been made aware of.

    While this does not really focus on website security, it is still an interesting topic when you think about cybersecurity as a whole.

    Watching over a Baby

    The first spooky tale comes from Texas, where a mother has her house wired with a Nest camera to watch over her 4-month-old son.

    Continue reading Halloween Tales of the IoT Crypt at Sucuri Blog.

  • Data URLs and HTML Entities in New WordPress Malware (30 October 2019)

    Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types.

    Scripts as Data URLs

    The first type looks pretty similar to what we discussed in our recent post.

    However, instead of placing the code between the <script>…</script> tags, these injections have begun to embed them inline using a so-called data URL notation in the src parameter.

    Continue reading Data URLs and HTML Entities in New WordPress Malware at Sucuri Blog.

  • Fake French Police Sextortion Scam (28 October 2019)

    There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be used to deliver the blackmail threat to the victim.

    Blackmail Attempts for Bitcoin Payments

    The majority of these sextortion scam emails follow a similar template, disclosed earlier this year in a post by Malwarebytes. This email template has been translated into various languages; however, some of the templates use different methods to lure victims into believing the scammer.

    Continue reading Fake French Police Sextortion Scam at Sucuri Blog.

  • Throwback Threat Thursday: JCE Vulnerability (24 October 2019)

    Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to the security of website owners. Some vulnerable sites may still be found in the wild.

    Despite WordPress’ market share completely overshadowing other CMSs, Joomla (previously known as Mambo) has still managed to retain its position as the second most popular CMS.

    In fact, even with a decreasing market share in the overall CMS landscape, there are still well over a million live websites using Joomla to manage their digital content.

    Continue reading Throwback Threat Thursday: JCE Vulnerability at Sucuri Blog.