• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Luke Leal

About Luke Leal

Luke is a Malware Researcher at Sucuri. He enjoys boosting his desktop computer's performance and credits gaming with building his initial interest into anything computer related. When not saving websites, he likes to go on nature hikes or watch YouTube.

December 2, 2019Luke Leal

Another Fake Google Domain: fonts.googlesapi.com

Our Remediation team lead Ben Martin recently found a fake Google domain that is pretty convincing to the naked eye. The malicious domain was abusing the URL shortener service is.gd: shortened URLs were being injected into the posts table of the client’s WordPress database. Whenever…

Read More about Another Fake Google Domain: fonts.googlesapi.com

Black Friday Cyber Monday Threats

November 25, 2019Luke Leal

Black Friday/Cyber Monday Ecommerce Security Threats

With the end of November comes the height of the holiday shopping season — specifically Black Friday and Cyber Monday sales, which typically span the last calendar days of November…

Read More about Black Friday/Cyber Monday Ecommerce Security Threats

Why Reinfections Happen with a WAF

November 11, 2019Luke Leal

Why Reinfections Happen with a WAF

A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect…

Read More about Why Reinfections Happen with a WAF

October 28, 2019Luke Leal

Fake French Police Sextortion Scam

There has been a noted increase in the number of sextortion scams during 2019. These scam campaigns are commonly distributed through email, but any method of digital communication can be…

Read More about Fake French Police Sextortion Scam

October 24, 2019Luke Leal

Throwback Threat Thursday: JCE Vulnerability

Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these vulnerabilities caused significant impacts to…

Read More about Throwback Threat Thursday: JCE Vulnerability

cPanel

October 8, 2019Luke Leal

An Indirect Way to Change cPanel Passwords

There’s no doubt that the ubiquitous “forgot your password?” feature has helped many users who’ve misplaced their password or otherwise forgotten it, however—the tradeoff is that it can result in…

Read More about An Indirect Way to Change cPanel Passwords

Phishing

September 19, 2019Luke Leal

Fake SSO Used In Multi-Email Provider Phishing

Single sign-on (SSO) allows users to sign into a single account (e.g Google) and access other services like YouTube or Gmail without authenticating with a separate username and password. This…

Read More about Fake SSO Used In Multi-Email Provider Phishing

Website Malware Infection

September 18, 2019Luke Leal

Fake Human Verification Spam

We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these newly targeted plugins was Advanced…

Read More about Fake Human Verification Spam

August 22, 2019Luke Leal

How Domain Expiration Can Potentially Disrupt Other Websites

A website owner recently reached out to us about a pop-up advertisement problem on their website which occurred any time someone clicked anywhere on the web page. This irritating pop-up…

Read More about How Domain Expiration Can Potentially Disrupt Other Websites

Troldesh Ransomware Dropper

August 12, 2019Luke Leal

Troldesh Ransomware Dropper

Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors. The malware often uses a PHP file that acts as a…

Read More about Troldesh Ransomware Dropper

Reverse Hardening WP Config

July 30, 2019Luke Leal

Reverse Hardening WordPress Config

Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions or features a website has,…

Read More about Reverse Hardening WordPress Config

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2019 Sucuri Inc. All rights reserved

We use tools, such as cookies, to enable essential services and functionality on our site and to collect data on how visitors interact with our site, products and services. By clicking Continue, you agree to our use of these tools for advertising, analytics and support.Continue Read More
Privacy & Cookies Policy

Necessary Always Enabled