TimThumb Attacks: The Scale of Legacy Malware Infections
Denis Sinegubko These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its…
How to Improve Ecommerce Security
Chase Watts If you have an ecommerce website, you are certainly concerned about ecommerce security. Business revenue depends on your online presence and having a website compromise…
Internet Cookies: What Are They and Are They Good or Bad?
Victor Santoyo Cookies! I LOVE Cookies. Oatmeal raisin are one of my particular favorite flavors. However, we’re not here to talk about baked goods as much as…
How Domain Expiration Can Potentially Disrupt Other Websites
Luke Leal A website owner recently reached out to us about a pop-up advertisement problem on their website which occurred any time someone clicked anywhere on the…
The Largest DDoS Attacks & What You Can Learn From Them
Pilar Garcia A DDoS (Distributed Denial of Service) is an attack that focuses on making the website unavailable to its legitimate users. DDoS attacks can produce service interruptions,…
Lack of controls when using WordPress’ update_option() with user input data equals plugin nightmare
John Castro As mentioned in recent posts, WordPress’ update_option() function is used to update any option in the options database table. If the permission flow when using…
Sucuri Can Help Secure Your Client Websites
Stephen Johnston At Sucuri, we understand that most web professionals and web agencies ultimately need to make their clients part of the decision-making process for choosing to…
What Hackers Do after Gaining Access to a Website
A hack or cyber attack is the act of maliciously entering, taking control over, or manipulating by force a web application, server, or file that…
Skimmers and Phishing
Recently, we shared a post about a network of domains used in a JavaScript credit card stealing malware campaign. These domains are all hosted on…
How to Create a Website Maintenance Plan & Contract
In my years of experience working alongside agencies, I’ve realized that managed providers and other web pros who offer website maintenance to their clients, have…
KOSONG Credit Card Stealer
Our security analyst Christopher Morrow recently discovered a server-side Magento skimmer that was injected into the savePayment function in the app/code/core/Mage/Checkout/Model/Type/Onepage.php file. This code emails…