After many suggestions, we decide to setup a blog to better communicate with our users. Expect updates from http://sucuri.net and some security-related posts from us.
You May Also Like
Analysis of the Massive NDSW / NDSX Malware Campaign
Denis Sinegubko
- June 2, 2022
Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive…
The Anatomy of Website Malware Part 2: Credit Card Stealers
Peter Gramantik
- December 30, 2019
One of the biggest malicious trends in the last few months and years are credit card stealers — also commonly referred to as credit card…
How to Find & Fix Japanese SEO Spam
Puja Srivastava
- September 19, 2023
Japanese SEO Spam, also known as “Japanese keyword hack” or “Japanese SEO poisoning,” is a spammy search engine optimization technique used by black hat SEO…
Magento Supply Chain Attack Targets Extension Developer FishPig
Ben Martin
- September 15, 2022
Magento store owners using the popular FishPig extensions should be wary of a recent supply chain attack which compromised their software repository. FishPig released a…
Obfuscated WordPress Malware Dropper
Luke Leal
- April 21, 2020
It goes without saying that evasive maneuvering is at the top of a hacker’s priority list. Most often, they try to evade detection by obfuscating…
JavaScript Malware Switches to Server-Side Redirects & DNS TXT Records as TDS
Denis Sinegubko
- April 18, 2024
Last August we documented a malware campaign that was injecting malicious JavaScript code into compromised WordPress sites to redirect site visitors to VexTrio domains. The…
How to Perform a Website Security Audit ( with Checklist)
Pilar Garcia
- July 24, 2019
Why Should You Audit Your Website for Security? Most hacks and cyber attacks happen because of poor security practices. The first step you can take…
xmlrpc.php Brute Force Tool
Luke Leal
- May 9, 2019
We discovered a xmlrpc.php brute-force tool in a malicious PHP script that appears to have been uploaded months ago after a vulnerable GDPR plugin exploit:…
How APIs Can Streamline Your Operations
Victor Santoyo
- June 5, 2018
Day-to-day operations can present many challenges. Whether you’re wearing multiple hats within the same department or a project lead managing dozens, even hundreds of web…
Using assert() to Execute Malware in PHP 7 Environments
Krasimir Konov
- September 1, 2020
Initially released December 2015, PHP 7 introduced a multitude of performance and security improvements. Approximately 43.7% of websites across the web currently use PHP 7.x,…
2 comments
“/>
“/>
[click here](javascript:alert(document.domain))
Comments are closed.