• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
  • Immediate Help
  • Login
  • Languages
    • English
    • Spanish
    • Portuguese
Baidu to Google Redirects

April 18, 2018Denis Sinegubko

From Baidu to Google’s Open Redirects

Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages. It didn’t last long. Soon after the publication of that article, the bad actors changed the links to use compromised…

Read More about From Baidu to Google’s Open Redirects

Malicious Activities with Google Tag Manager

April 17, 2018Cesar Anjos

Malicious Activities with Google Tag Manager

If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”. But…

Read More about Malicious Activities with Google Tag Manager

Content Security Policy

April 13, 2018Gerson Ruiz

Content Security Policy

As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks consist of injecting malicious…

Read More about Content Security Policy

Unwanted Ads via Baidu Links

April 10, 2018Denis Sinegubko

Unwanted Ads via Baidu Links

The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as updates at the bottom…

Read More about Unwanted Ads via Baidu Links

Hacked Website Report 2017

April 6, 2018Rianna MacLeod

Hacked Website Trend Report – 2017

We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which…

Read More about Hacked Website Trend Report – 2017

Obfuscation through legitimate appearances.

April 4, 2018Peter Gramantik

Obfuscation Through Legitimate Appearances

Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This seemed suspicious, since no…

Read More about Obfuscation Through Legitimate Appearances

What is Virtual Hardening?

March 26, 2018Juliana Lewis

What is Virtual Hardening?

If you want to make your website security more robust, you need to think about hardening. To harden your website means to add different layers of protection to reduce the…

Read More about What is Virtual Hardening?

GitHub Hosts Infostealers

March 21, 2018Denis Sinegubko

GitHub Hosts Infostealers Part 2: Cryptominers and Credit Card Stealers

Update – March 28th, 2018: The fake Flash update files referenced in this post have been moved from GitHub to port.so[.]tl, and the bit.wo[.]tc script to byte.wo[.]tc. A few days…

Read More about GitHub Hosts Infostealers Part 2: Cryptominers and Credit Card Stealers

March 15, 2018Denis Sinegubko

GitHub Hosts Infostealer

A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered that this same approach is…

Read More about GitHub Hosts Infostealer

March 13, 2018Celise Davison

Steps to Keep Your Site Clean: Access Points

Unfortunately, most website owners know what it’s like to have a site hacked – the panic, the rush to find anyone out there that can help, and the worry it…

Read More about Steps to Keep Your Site Clean: Access Points

Mail from the Boss

March 8, 2018Yuliyan Tsvetkov

Mail from the ‘Boss’ – A Classic Example of a $_POST Mailer Stealing CC Data

We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily encoded. These “mailers” allow bad actors to…

Read More about Mail from the ‘Boss’ – A Classic Example of a $_POST Mailer Stealing CC Data

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Sucuri website security

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2018 Sucuri Inc. All rights reserved