Website Security News

December 7, 2018Peter Gramantik

Fake Volkswagen Campaign Spreads Through Social Networks

We recently investigated a suspicious link received by one of my colleagues on WhatsApp. The message (in Portuguese) states that Volkswagen is offering 20 free cars until the end of the year, and directs users to participate on a site that has been apparently crafted…

December 6, 2018Denis Sinegubko

Localization and Customization of Credit Card Stealing Malware

Credit card stealing malware is becoming more and more customized. We’ve been regularly seeing injected scripts with URLs that either mimic or include a portion of the victim’s site domain….

December 4, 2018Cesar Anjos

Using Innocent Roles to Hide Admin Users

All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually…

November 29, 2018Juliana Lewis

What is Phishing?

Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent email from what seemed…

Fear, Uncertainty, and Doubt

There’s a term for the practice of scaring potential customers into purchasing products or services they don’t need: FUD; fear, uncertainty, and doubt. This practice is widespread in the computer/IT…

November 21, 2018Victor Santoyo

Navigating Data Responsibility

As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made available to…

November 19, 2018Juliana Lewis

A Scam-Free Cyber Monday for Online Businesses

Every year we see an increase in website attacks during the holidays. While business owners see their sales go up due to promotional Black Friday and Cyber Monday campaigns, hackers…

November 16, 2018Victor Santoyo

PCI for SMB: Requirement 9 – Implement Strong Access Control Measures

Welcome to the sixth post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the…

November 14, 2018Northon Torga

Real-Time Fine-Tuning of the WAF via API

Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an API. For instance, there’s…

November 13, 2018Denis Sinegubko

Hackers Change WordPress Siteurl to Pastebin

Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was…

November 9, 2018Pedro Peixoto

Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability

We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is related to a security vulnerability…