Phishing Leveraging the Sucuri Brand
Rafael Capovilla We are always on guard for phishing emails and websites that might try to compromise our customers or employees, so that we can be on top of…
Labs Notes Monthly Recap – May/2017
Estevao Avillez Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past-monthly recaps to catch up on trends…
How Undefined Variables Can Give You RCE
Fernando Barbosa When investigating a compromised website, our team has to make sure that all malware and backdoors are cleared from the environment. In some instances, these…
Spotlight: How a Digital Marketing Agency Secures Client Sites
Nikki Gerren Based in Melbourne, Australia for over 17 years, 24Digital knows what it takes to succeed in the ever-evolving digital marketing space which is no longer…
The elegant dropper – reusable code for PHP shell installation
Yuliyan Tsvetkov During our malware research role, we analyze hundreds (if not thousands) of malware samples every day. Quite often, highly-obfuscated techniques are used by attackers to…
Personal Security Guide – WiFi Network
Caleb Lane This is the third part in our series on personal security that offers methods to strengthen your overall security posture. By taking a holistic approach…
Simple $_COOKIE backdoor (variation)
There are many ways to develop a backdoor and virtually all of them share a similar goal – not to be discovered. To achieve that,…
New Non-HTTPS Websites Blacklisted for Phishy Password Practices
Cesar Anjos We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that…
Personal Security Guide – Online Accounts
In our last post on browser security, we talked about how developing a broader security mindset can help keep your website safe. By taking steps…
Personal Security Guide – Web Browsers
If your computer is infected, malware can spread to your website through text editors and FTP clients. Weak passwords are also vulnerable to brute force…
SQL Injection Vulnerability in Joomla! 3.7
Marc-Alexandre Montpas During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7 – CVE-2017-8917. The vulnerability is easy to exploit and…