Website Security News
Learn how to secure your website using best practices from our team of website security professionals. Learn about the risks and threats to your web presence, including the steps to mitigate attacks and defend your website from hackers. Stay up to date with the latest emerging trends in website hacking so you can safeguard your visitors and brand reputation. You can also check out our website security guides for more!
We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our investigation revealed was that attackers were leveraging PIX, a new payment method created by the…
Read More about Real-Time Phishing Kit Targets Brazilian Central Bank
Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of…
It’s not very often that we see abandoned components being used on a website — but when we do, it’s most often because the website was exhibiting malware-like behavior and…
Read More about The Dangers of Using Abandoned Plugins & Themes
Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like…
Read More about Obfuscation Techniques in MARIJUANA Shell “Bypass”
We have already shared examples of many kinds of malware that rely on an external gateway to receive or return data, such as different malware payloads. During a recent investigation,…
We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly updated in an attempt to…
Read More about ALFA TEaM Shell ~ v4.1-Tesla: A Feature Update Analysis
During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different positions in the array. If…
Read More about Legacy Mauthtoken Malware Continues to Redirect Mobile Users
This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable…
Read More about CSS-JS Steganography in Fake Flash Player Update Malware
When we started Sucuri we set out to make enterprise security accessible, affordable, and effective for every day webmasters. It was at a time when open-source platforms like WordPress, Joomla!,…
Read More about Bridging the Gap Between Application and Network Security with CleanBrowsing
For every gleaming new IoT device that hits the market, a hacker somewhere is figuring out how to compromise it. Today, even routine activities can land you in the sights…
Read More about 5 Places Where You’d Never Expect to Get Hacked
A PHP shell containing multiple functions can easily consist of thousands of lines of code, so it’s no surprise that attackers often reuse the code from some of the most…
