- Magento Credit Card Stealer Reinfector 19 June 2018
In the past few months, we have frequently seen how attackers are infecting Magento installations to scrape confidential information such as credit cards, logins, and PayPal credentials. That is why we have reported on a credit card stealer reinfector of Magento websites in one of our recent Labs Notes.
In this post, we describe one of the methods hackers use to ensure that their malicious code is added back to a website after it has been removed.
- The Importance of Website Backups 14 June 2018
Imagine waking up in the morning to see that a couple of calls were missed and your email is overloaded with messages saying that your website is down. You go to your computer to check your server and it’s working fine – but oh no, all your files are deleted from the database. What would you do?
Backing up everything may seem a boring task, however, website backups can be a life saver.
- How to Improve Website Resilience for DDoS Attacks – Part I 12 June 2018
Denial of Service (Dos) and Distributed Denial of Service (DDoS) attacks are unforgiving. They test the limits of your web server and application resources by sending spikes of fake traffic to your website. It is also notoriously difficult to conduct forensics on a DDoS attack, making the source of the attack a mystery.
DDoS attacks are getting cheaper, more sophisticated and more readily accessible every day. As a result, they have become an instrument of war for both commercial and political purposes.
- How APIs Can Streamline Your Operations 5 June 2018
Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens, even hundreds of web applications – time is always the concern.
How late do I need to stay up tonight?
How much longer will this take? What did I miss?
I’ve heard this communicated a number of different ways, but the one takeaway is that leveraging APIs is invaluable to your everyday workflow when working with third-party vendors.
- Shell Logins as a Magento Reinfection Vector 31 May 2018
Recently, we have come across a number of websites that were facing reinfection of a credit card information stealer malware within the following files:
These are common files for attackers to target as they operate throughout Magento sites, but these instances were special as they had a very peculiar reinfection rate.
Malicious Scripts Loaded Through .bashrc
Upon closer inspection, we came across this snippet in the site owner’s .bashrc file.
- New Guide on How to Position Website Security for Customers 29 May 2018
Website security is challenging, especially when dealing with a large network of sites.
That is why we have created a guide for web professionals and web service providers.
Our main objective is to help you understand how to leverage a website security plan for your clients.
In the guide, we provide content you can add to your business portfolio to market and validate website security among your clients.
- Sucuri is Committed to the Protection of Your Data 24 May 2018
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we’re fully committed to complying with the requirements of the General Data Protection Regulation (GDPR).
What is the GDPR?
The GDPR is a new data privacy law effective May 25th, 2018 that mandates how companies collect, modify, process, store, and delete the personal data originating in the EU for both residents and visitors.
We believe that the GDPR is a positive thing for individuals and brands, as it offers those affected the right to access their personal information or have it deleted entirely.
- An Old Trick with a New Twist: Cryptomining Through Disguised URL Shorteners 22 May 2018
As we have previously discussed on this blog, surreptitious cryptomining continues to be a problem as new methods emerge to both evade and hasten the ease of mining at the expense of system administrators, website owners, and their visitors.
Another Way Hackers are Tricking Website Visitors into Stealth Cryptomining
The latest of these new techniques is actually more of a twist on the old method by disguising a malicious website through the malicious URL shorteners.
- Referral Program Update – Now Offering Agency Plan 18 May 2018
Sucuri’s main objective is to make the internet a safer place for everyone. With that in mind, we created a Referral Program, which gives you the opportunity to advocate for website security and profit from it.
Our referral partners use their custom link to recommend Sucuri products and receive a starting commission of 25% off the total net purchase when a customer signs up for our Platform and Firewall plans.
- The Impacts of a Data Breach 15 May 2018
Have you ever wondered what happens if your e-commerce site is breached?
Usually, when you think about data breaches, you think about big enterprise websites. Does that mean that big brands are the ones who suffer the most from data breaches? Actually not.
Recently, Trustwave put out a report that states approximately 90% of breaches impact small merchants.
Here are the top 3 compromised industries:
- 1- Retail – 45%
- 2- Food and Beverage – 24%
- 3 – Hospitality – 9%
This graph shows the top 3 compromised industries due to vulnerabilities that allow attackers to steal data; however, bear in mind that any website could become a victim.
- What is PCI Compliance? 10 May 2018
Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles regarding ecommerce security breaches that steal credit card information, as well as the risks for ecommerce site owners.
There can be many dangers when purchasing through a website, and with so many cyber threats attacking ecommerce platforms and payment gateways, it’s more important than ever to reassure your customers by implementing and maintaining Payment Card Industry (PCI) Compliance.