Denis Sinegubko
Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages.
As part of a vulnerability research project for our Sucuri Firewall, we have been auditing popular open source projects looking for security issues. While working on the WordPress plugin WP Statistics, we discovered a SQL Injection vulnerability. This plugin is currently installed on 300,000+ websites. Are You at Risk?
Based in Melbourne, Australia for over 17 years, 24Digital knows what it takes to succeed in the ever-evolving digital marketing space which is no longer a world resting on desktop alone. The goal is to be an extension to every client’s marketing department, a true partnership to launch or rebuild effective websites – from WordPress to Magento ecommerce sites, and everything in between.
This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic approach to security, you are protecting your website against attack vectors due to poor security practices in various aspects of your digital life.
Over the course of the last year, our teams have been getting creative and making a collaborative effort to improve the experience of our customer dashboard. Website security is multifaceted and we understand the logistical complexities of managing multiple sites. That’s why we are continually brainstorming ways to make the management of your website security tools more streamlined.
This month, our Malware Research and Incident Response teams wrote about several malware techniques that attempt to evade detection by focusing on small changes that website owners might miss. Examples include typos in domain names, unused top-level domains (i.e. .com, .solutions), and delayed banner ads.
If you are a customer of ours, you may have noticed the recent updates we’ve made to our dashboard. These changes enhance your ability to manage the Sucuri Firewall and view detailed reports on the attacks being blocked from accessing your site.
The Sucuri Firewall dashboard provides a rich set of API functions that can be used to control your firewall settings remotely. In addition, there is an API function to download your Audit Trails in JSON format. The audit trail is a list of blocked requests that the firewall performed on your behalf to keep your site safe.
If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle which has applications and benefits to strengthen your website security posture. This principle is about: Using the minimal set of privileges on a system in order to perform an action.
Some website hacks aim to make political statements. Defacements are well known for this. Some infections redirect visitors to scam sites that push (usually counterfeit) goods or (often illegal) services. But how would you feel if your site redirected visitors to a political news site?
We are happy to share some big changes to the monitoring dashboard. The Sucuri Platform features a monitoring dashboard that provides information regarding the security of your website. If you’re not familiar with the monitoring piece of our platform, it’s a cloud-based Intrusion Detection System (IDS) built on the concept of a Network-Based Integrity Monitoring System (NBIMS).
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT). Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past monthly recaps to catch up on trends we look at every month.
After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your business or website. In a recent blog post, we discussed a case in which a lewd image was showing in the Google Maps Images section for one of our client’s businesses.
Since late last year, there has been a steady rise in malware campaigns that aim to steal sensitive personal information and financial credentials. Attackers often insert pieces of malicious code in the middle of a shopping cart process, allowing them to leak credit card numbers, billing addresses, and identification numbers.
SEO hacks continue to plague websites as attackers abuse SERP rankings for their own gain. The time and effort spent by the website owner creating content, optimizing pages and building links is stolen by an attacker in an instant.
Northon Torga
Try to remember what you ate for lunch yesterday. It took you about 3-5 seconds, right? Ok. Now recall that memory once more. Took you less than a second this time, for sure. You remembered much faster the second time around because you didn’t have to “query” that information again from your brain’s “storage”.
Authored by Daniel & Tony
We are happy to announce that as of today Sucuri will be joining the GoDaddy family. This acquisition will bring the best of both worlds. It will allow us to expand our product-line to all GoDaddy customers, while also remaining true to our foundation supporting all our current and future…
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products.
Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites that have not been updated.
Security Risk: Low
Exploitation Level: Hard / Requires at least Contributor privileges
DREAD Score: 4/10
Vulnerability: Stored XSS
Patched Version: 4.7.3
As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites.
Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracked massive attacks against Magento sites where attackers are injecting malicious scripts that create functions designed to steal credit card information. This technique is not restricted to Magento core files.
Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked from ever reaching our inboxes. I said most of them.
In the past, we have seen a massive number of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012 with this malware, and more recently with a new variation of the same infection.
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT). The Sucuri Labs website provides technical analysis and industry updates directly from our teams on the front line. You can read past monthly recaps for an overview of the posts we’ve released.
We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into the WHOIS results for a domain name. If you are not familiar with “WHOIS”, it is a protocol used to check who owns a specific domain name.
Security Risk: Critical
Exploitation Level: Easy/Remote
DREAD Score: 9
Vulnerability: SQL Injection
Patched Version: 2.1.79
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin NextGEN Gallery, we discovered a severe SQL Injection vulnerability.
There is no more frustrating experience than knowing you need something, but not knowing which questions to ask. This resonates with website owners when they are told they need to add (yet another) security solution to their tech stack – and it’s called a Website Application Firewall (WAF).
Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website security. Online shopping, to many people, is almost synonymous with a certain kind of risk – and not without good reason. Over the holidays, we wrote a lot about the rise of credit card swipers.
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Teams (IRT). The Sucuri Labs website provides technical analysis and industry updates directly from our teams on the front line. You can read past monthly recaps for an overview of the posts we’ve released each…
We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE attempts started today after a few days of attackers (mostly defacers) rushing to vandalize as many pages as they could.
Using fake AddThis services and a malicious image to redirect users to a tech support scam, this malware campaign hides itself inside WordPress core files.
WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF network and honeypots closely to see how and when the attackers would try to exploit this issue in the wild.
In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article was to help website owners differentiate between the types of firewalls they might encounter. Today, I will shift my focus specifically to website application firewalls (WAF).
Security Risk: Severe
Exploitation Level: Easy/Remote
DREAD Score: 9/10
Vulnerability: Privilege Escalation / Content Injection
Patched Version: 4.7.2
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues.
Alycia Mitchell
It takes a lot of bravery to create a small business. Putting yourself out there and taking risks is not for the faint of heart. Having a website is just one aspect of your business, but it’s an important one.
When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access if the original vulnerability is patched. This allows hackers to continue abusing the website and server resources. One of the techniques they use is to add fake extensions that perform various malicious activities.
Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordPress websites. Many website owners are not aware how slow their sites are, so we are excited to help shed some light on the matter.
A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all compromises that we encountered had a PHP-based backdoor hidden within the site.
Last month there were a number of interesting website hacks being analyzed by our Malware Research Team (MRT) and Incident Response Teams (IRT). The Sucuri Labs website provides technical analysis and industry updates directly from our teams on the front line.
During the last couple of years, it has become quite prevalent for hackers to monetize compromised sites by injecting unwanted ads. They can be pop-up ads triggered when a visitor spends a certain amount of time on an infected page, or automatic redirection of mobile traffic to URLs that belong to ad networks.
With the new year upon us, it makes sense to reflect on how things have changed. Our Malware Research and Incident Response teams just published their latest report on trends in website security, and in the coming weeks we plan to write about the latest upgrades to the Sucuri dashboard.
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can turn into the dangerous possibility of harmful mobile malware. The increase in mobile internet browsing has prompted attackers to adapt their techniques, targeting mobile-specific platforms and distributing spam and…
With so many open-source ecommerce platforms available in the market, selling online is an appealing and easy option for any store owner. In a few clicks you can set up an online storefront and sell your products. While the process to get the site up may be simple, there are always risks that arise when asking visitors to enter sensitive data.
As a business owner, the last thing you want is for a potential customer to search Google for your business and find a lewd image. The way your website appears to searchers is incredibly important to your brand reputation and trustworthiness. Search engine optimization (SEO) professionals constantly experiment with ways to satisfy Google’s secret and mysterious algorithm.
One of the worst experiences a website owner can have is being blacklisted by Google. If you are one of the 10,000 websites that have been slapped with a big red malware warning, our latest, free DIY guide is for you.
Attackers compromise sites with a number of goals in mind – also referred to as . In some instances they aim to abuse resources or gain SEO power, and in others they are seeking access to sensitive data, also known as actions on objective data exfiltration.
Time for another monthly recap! If you haven’t seen the other monthly recaps, make sure to check out October and September. Our malware research and incident response teams publish technical content in the Sucuri Labs Notes. The knowledge and recommendations are useful to keep your website and visitors safe.