GitHub Hosts Infostealer
Denis Sinegubko A few months ago, we reported on how cybercriminals were using GitHub to load a variety of cryptominers on hacked websites. We have now discovered…
Browsing Category
Website Security
1031 posts
Steps to Keep Your Site Clean: Access Points
Celise Davison Unfortunately, most website owners know what it’s like to have a site hacked – the panic, the rush to find anyone out there that can…
Mail from the ‘Boss’ – A Classic Example of a $_POST Mailer Stealing CC Data
Yuliyan Tsvetkov We often find mailer scripts while cleaning malicious code from websites. Some of them are easily discovered, while others are obfuscated or heavily encoded. These…
Intro to Securing an Online Store – Part 2
Victor Santoyo Last year, we introduced the theme of Securing an Online Store. We talked about how to identify the potential risks and what to look out…
The Impacts of Zero-Day Attacks
Gerson Ruiz Last week, we explained what zero-day vulnerabilities and attacks are. Essentially, zero-day vulnerabilities exist in the wild, with no patch available to prevent hackers from…
New Guide on How to Clean a Hacked Website
Juliana Lewis Our mission at Sucuri is to make the internet a safer place and that entails cleaning up hacked websites. We have teams who actively research…
Understanding Zero-Day Vulnerabilities & Attacks
In computer science, a vulnerability is considered to be a zero-day vulnerability if it’s unknown to all parties interested in patching it, such as: The…
Wikipedia Page Review Reveals Minr Malware
Since December, we’ve seen a number of websites with this funny looking obfuscated script injected at the very top of the HTML code (before the…
Unwanted Pop-ups Caused by Injectbody/Injectscr Plugins
On February 8th, 2018, we noticed a new wave of WordPress infections involving two malicious plugins: injectbody and injectscr. These plugins inject obfuscated scripts, creating…
How to Add Security to Your Client’s Websites
Website security has crossed the mind of nearly every website owner. However, as a website security company, we know that most webmasters come to us…
Cloudflare[.]solutions Keylogger Returns on New Domains
A few months ago, we covered two injections related to the “cloudflare.solutions” malware: a CoinHive cryptominer hidden within fake Google Analytics and jQuery, and the…