• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Encryption

Manually Identifying an X-Cart Credit Card Skimmer

May 5, 2022Liam Smith

Manually Identifying an X-Cart Credit Card Skimmer

During a recent investigation, a new client came to us reporting that their antivirus had detected a suspicious domain loading on their website’s checkout page. We regularly receive reports like these, as this is a telltale indicator of a credit card skimmer infection. Our research…

Read More about Manually Identifying an X-Cart Credit Card Skimmer

Stylish Magento Card Stealer loads Without Script Tags

July 28, 2021Ben Martin

Stylish Magento Card Stealer loads Without Script Tags

Recently one of our analysts, Weston H., found a very interesting credit card stealer in a Magento environment which loads a malicious JavaScript without using any script tags. In this…

Read More about Stylish Magento Card Stealer loads Without Script Tags

How to Find & Fix Mixed Content Issues with SSL/HTTPS

April 29, 2021Tony Perez

How to Find & Fix Mixed Content Issues with SSL / HTTPS

Note: We’ve updated this post to reflect the evolving security standards around mixed content, SSLs, and server access as a whole. With the web’s increased emphasis on security, all sites…

Read More about How to Find & Fix Mixed Content Issues with SSL / HTTPS

PinnacleCart Server-Side Skimmer & Backdoor

May 15, 2020Luke Leal

WordPress Malware Collects Sensitive WooCommerce Data

During a recent investigation, our team found malicious code that reveals how attackers are performing reconnaissance to identify if sites are actively using WooCommerce in a compromised hosting environment. These…

Read More about WordPress Malware Collects Sensitive WooCommerce Data

April 6, 2020Cesar Anjos

Analyzing & Decrypting L4NC34’s Simple Ransomware

We’re constantly seeing news about computers being infected by ransomware, but very little do we hear about it affecting websites. That being said, the impact can be serious if the…

Read More about Analyzing & Decrypting L4NC34’s Simple Ransomware

Hacked Website Threat Report 2019

January 28, 2020Rianna MacLeod

Hacked Website Threat Report – 2019

The threat landscape for website owners is constantly shifting on a regular basis — and it’s becoming increasingly more complex. As attackers continue to develop tools and find new vulnerabilities…

Read More about Hacked Website Threat Report – 2019

Down the Malware Rabbit Hole Part 2

November 18, 2019Cesar Anjos

Down the Malware Rabbit Hole: Part II

In our last post in this series, we took a look at a code snippet that had been encoded in a very specific way — and hidden 91 layers deep….

Read More about Down the Malware Rabbit Hole: Part II

Mixed Content Chrome

November 14, 2019Peter Kankowski

Mixed Content Warnings in Google Chrome

Migrating your website to HTTPS may seem like a simple task. Get the TLS/SSL certificate, install it on your web server, and you’re done. The real pain for large projects,…

Read More about Mixed Content Warnings in Google Chrome

August 5, 2019Krasimir Konov

Malicious Plugin Used to Encrypt WordPress Posts

During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed…

Read More about Malicious Plugin Used to Encrypt WordPress Posts

Labs Note

July 27, 2019Luke Leal

“Loader for Secured Files” and arrayed b374k shell encoding

This file (33×77.php) was detected in the document root of a website during a website cleanup for a client. It demonstrates how hackers sometimes use comments or other text within…

Read More about “Loader for Secured Files” and arrayed b374k shell encoding

PHP Backdoor Evaluates XOR Encrypted Requests

May 29, 2019Luke Leal

PHP Backdoor Evaluates XOR Encrypted Requests

In the past, we’ve mentioned how the PHP XOR bitwise operator (represented by the caret ^)  can be used to encrypt a malware’s source code. This operator makes it more…

Read More about PHP Backdoor Evaluates XOR Encrypted Requests

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.