Take Back Your Internet – Demand a Safer Web

Over the last couple of weeks, we’ve written about malicious redirects pushing users to porn sites, ever more complicated phishing scams being carried out by multiple compromised websites on a single server and about adsense blackmail. We’ve written a

Was the FIFA Website Hacked?

As many know, our company has deep Brazilian roots; as such, we have no choice but to be enamored with the upcoming World Cup. Yes, the World Cup is coming, soccer news is everywhere and, like most things, websites are being used to disseminate the news.

Phishing Tale: An Analysis of an Email Phishing Scam

Spam email in our security team's inbox

Phishing scams are always bad news, and in light of the Google Drive scam that made the rounds again last week, we thought we’d tell the story of some spam that was delivered into my own inbox because even security researchers, with well thought-out e

Vulnerability found in the All in One SEO Pack WordPress Plugin

The team behind the All in One SEO Pack just released a new version of their popular WordPress plugin. It is a security release patching two privilege escalation vulnerabilities we discovered earlier this week that may affect any web site running

Analyzing a Malicious iFrame – Following the Eval Trail

Over the last week, we’ve been working with some interesting malware injections. Developers and malware prevention professionals usually think of hidden iframes that deliver spam-seo or other malware as easy to spot. Take this injection, for example (

BaDoink Website Redirect – Malicious Redirections to Porn Websites on Mobile Devices

The past week has brought about a large number of cases where compromised websites had hidden redirections to porn injected into their code. All the infections had a similar pattern where they only targeted mobile devices. They are highly conditional

Sucuri CloudProxy – Website Firewall Enhancements

When LA's DA says that, "73% of our local businesses appear to have been hacked," it begins to illustrate the importance website protection will play in the future of business, which is why we've placed so much emphasis on website protection on this

Desktop AVs and Website Security

Brian Dye tells the Wall Street Journal that antivirus tools like his company's Norton suite are effectively "dead" because they catch less than half of all attacks, but from where we sit, that's really just half the story. Does Brian mean that a

Watch a Layer 7 DDOS Attack – WordPress Security

A few weeks back we reported on very large Layer 7 DDOS attacks within the WordPress ecosystem. Today we decided to provide you a little illustration of what that looks like. Remember, there is a big difference between Brute Force and Denial

Case Study: Analyzing the Origins of a DDoS Attack

Recently a client was experiencing a massive layer 7 DDOS attack, generating tens of thousands of random HTTP requests per second to the server. The architecture of the website included a cluster of three web servers responsible for handling all