Virtual Patching for Websites with Sucuri CloudProxy
Daniel Cid All software has bugs, and some bugs can lead to security vulnerabilities. Vulnerabilities can be extremely dangerous when your software is running over the web,…
Browsing Category
Security Education
679 posts
2012 Web Malware Trends Report Summary
Sucuri is a website security company focused on the detection and remediation of web malware. In 2012, via our SiteCheck scanner, we scanned 9,953,729 unique…
Website Malware – Fixing Joomla SPAM Hacks – Conditional Payloads
Tony Perez Our Senior Malware Engineer, Fioravante Cavallari, is at it again. I think he has made it his personal mission in life to expel all Joomla…
NBC Website HACKED – Be Careful Surfing
Breaking, the NBC site is currently compromised and blacklisted by Google. Anyone that visits the site (which includes any sub page) will have malicious iframes…
Various Shades of Malware – Abusing Your Resources
We often write about very clear cut cases of malware activity. The attacker is leveraging your traffic, redirecting it to other locations, or injecting things…
Web Server Compromise – Debian Distro – Identify and Remove Corrupt Apache Modules
Came across another server compromise this week. Client was complaining that the following kept being injected into their JavaScript files: document.write("<style.vb4brk { position:absolute; left:-1655px; top:-1476px} </style> <div…
WordPress Security: 5 Steps To Reduce Your Risk
Dre Armeda Update 11/3/2017: Check out our latest WordPress Security Guide for best practices to keep your website protected and learn about vulnerabilities. Often you hear the…
Server Compromises – Understanding Apache Module iFrame Injections and Secure Shell Backdoor
There are many ways to inject a malicious payload onto a website. The attacker can modify any of the web files (index.php for example), the…
Website Security – The Importance of Access
I’m not sure why more emphasis isn’t put on access in website security discussions, but I’ll spend some time on it today. Understand that this…
WordPress SPAM Causing Headaches
Newly Released: On 11/3/2017 we published our guide on how to secure your WordPress site and it also talks about vulnerabilities and best practices. It…
Ruby on Rails Vulnerability Leads to Remote Command Execution on Servers
As always, the year is kicking off with a bang. This is a public service announcement to get the word out on a very serious…