Website Security News
Learn about the latest website security news from our research and incident response teams. Find out about emerging website malware campaigns and the best steps to protect your site from hackers. To learn more check out the series of website security guides created by our team.
This is the second post of a series about Steps to Keep Your Site Clean. In the first post, we talked about Access Points; here we are going to offer more insight on Updates. Updates Repeatedly we see websites being infected or reinfected when important security…
Last week, we described how an ongoing massive malware campaign began using Baidu search result links to redirect people to various ad and scam pages. It didn’t last long. Soon…
If I were to ask if you could trust a script from Google that is loading on your website, the majority of users would say “yes” or even “absolutely”. But…
Read More about Malicious Activities with Google Tag Manager
As a website owner, it’s a good idea to be aware of the security issues that might affect your site. For example, Cross-site Scripting (XSS) attacks consist of injecting malicious…
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as updates at the bottom…
We are proud to be releasing our latest Hacked Website Trend Report for 2017. This report is based on data collected and analyzed by the Sucuri Remediation Group (RG), which…
Recently, I analyzed a malware sample provided by our analyst Edward C. Woelke and noticed that it had been placed in a core WordPress folder. This seemed suspicious, since no…
Update – March 28th, 2018: The fake Flash update files referenced in this post have been moved from GitHub to port.so[.]tl, and the bit.wo[.]tc script to byte.wo[.]tc. A few days…
Read More about GitHub Hosts Infostealers Part 2: Cryptominers and Credit Card Stealers
A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered that this same approach is…
Unfortunately, most website owners know what it’s like to have a site hacked – the panic, the rush to find anyone out there that can help, and the worry it…
Read More about Steps to Keep Your Site Clean: Access Points
We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily encoded. These “mailers” allow bad actors to…
Read More about Mail from the ‘Boss’ – A Classic Example of a $_POST Mailer Stealing CC Data
