Ask Sucuri: Common WAF Questions and Concerns

There is no more frustrating experience than knowing you need something, but not knowing which questions to ask. This resonates with website owners when they are told they need to add (yet another) security solution to their tech stack – and it’s called a Website Application Firewall (WAF).

visit Sucuri Blog

WordPress Security – Fake TrafficAnalytics Website Infection

Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. RealStatistics even set up fake analytics websites designed to trick webmasters who took a few steps to investigate the unfamiliar script.

visit Sucuri Blog

New Guide on How to Fix Hacked Magento Sites

Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website security. Online shopping, to many people, is almost synonymous with a certain kind of risk – and not without good reason. Over the holidays, we wrote a lot about the rise of credit card swipers.

visit Sucuri Blog

Labs Notes Monthly Recap – Jan/2017

Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Teams (IRT). The Sucuri Labs website provides technical analysis and industry updates directly from our teams on the front line. You can read past monthly recaps for an overview of the posts we’ve released each…

visit Sucuri Blog

RCE Attempts against the latest WordPress REST API Vulnerability

We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE attempts started today after a few days of attackers (mostly defacers) rushing to vandalize as many pages as they could.

visit Sucuri Blog

JavaScript Injections Leads to Tech Support Scam

Using fake AddThis services and a malicious image to redirect users to a tech support scam, this malware campaign hides itself inside WordPress core files.

visit Sucuri Blog

How to Fix Mixed Content Warnings with SSL / HTTPS

This guide helps to fix mixed content warnings when deploying SSL (HTTPS). If you have issues with loading images, CSS, and JavaScript, read this tutorial.

visit Sucuri Blog