Website Security News
Learn about the latest website security news from our research and incident response teams. Find out about emerging website malware campaigns and the best steps to protect your site from hackers. To learn more check out the series of website security guides created by our team.
When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human victim to authorize a fraudulent transaction to bypass existing security controls that would normally be…
Over the past year, there’s been an increasing trend of WordPress malware using SQL triggers to hide malicious SQL queries within compromised databases. These queries inject an admin level user…
Realtime Blackhole Lists (RBLs) can be a great tool in your security arsenal. You may not know you’re using them, but all email providers and company email servers leverage these…
Aside from providing significant protection from a wide range of threats, the Sucuri WAF also acts as a CDN due to its caching capabilities and regional PoPs — often performing…
Read More about Optimizing Performance and Behavior with WordPress and the Sucuri WAF
Last November, we wrote about how attackers are using JavaScript injections to load malicious code from legitimate CSS files. At first glance, these injections didn’t appear to contain anything except…
Read More about Whitespace Steganography Conceals Web Shell in PHP Malware
It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download…
A Magento website owner was concerned about malware and reached out to our team for assistance. Upon investigation, we found the website contained a PHP injection in one of the…
Read More about Magento PHP Injection Loads JavaScript Skimmer
In mass infection scenarios, our Malware Research team often looks for attack vectors to find patterns and other similarities among compromised websites. The identification of these patterns allows us to…
Read More about Critical Vulnerabilities in 123contactform-for-wordpress WordPress Plugin
We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our…
Read More about Real-Time Phishing Kit Targets Brazilian Central Bank
As vital assets for many business operations, websites and their hosting servers are often the target of ransomware attacks — and if they get taken offline, this can cause major…
Read More about Obfuscation Techniques in Ransomweb “Ransomware”
Identifying website backdoors is not always an easy task. Since a backdoors primary function is to conceal itself while providing unauthorized access, they are often developed using a variety of…
