Simple $_COOKIE backdoor (variation)
Fernando Barbosa There are many ways to develop a backdoor and virtually all of them share a similar goal – not to be discovered. To achieve that,…
New Non-HTTPS Websites Blacklisted for Phishy Password Practices
Cesar Anjos We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that…
Personal Security Guide – Online Accounts
Caleb Lane In our last post on browser security, we talked about how developing a broader security mindset can help keep your website safe. By taking steps…
Personal Security Guide – Web Browsers
If your computer is infected, malware can spread to your website through text editors and FTP clients. Weak passwords are also vulnerable to brute force…
SQL Injection Vulnerability in Joomla! 3.7
Marc-Alexandre Montpas During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7 – CVE-2017-8917. The vulnerability is easy to exploit and…
Website Availability and Security When Migrating Hosts
Brett Townsend Website security is a continuous process. It’s not something that should be turned on when the time is right; rather integrated into the full scope…
Tricky malvertising injections
Abdelli Nassereddine When a website is compromised, one of the most interesting and challenging tasks we perform is identifying all malware to prevent attackers from regaining access…
Fake WordPrssAPI Stealing Cookies and Hijacking Sessions
Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing…
Introducing the New Sucuri Customer Dashboard
Daniel Cid Over the course of the last year, our teams have been getting creative and making a collaborative effort to improve the experience of our customer…
Client-Side or Server-Side Script?
Denis Sinegubko We’ve already described several times how credit card stealing malware hides a data collecting script behind an image URL. When people see URLs that end…
Labs Notes Monthly Recap – Apr/2017
Estevao Avillez This month, our Malware Research and Incident Response teams wrote about several malware techniques that attempt to evade detection by focusing on small changes that…