Website Security News
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen…
During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out that cryptominers were running on visitor’s computers when they accessed our…
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques including whitelists, blacklists, and…
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. “www.example.com”, where “www” is a subdomain, “example” is…
Read More about CoinImp Cryptominer and Fully Qualified Domain Names
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we are fully committed to complying with the PCI Data Security Standards (PCI DSS)…
Read More about Sucuri Enhances Security by Disabling TLS Version 1.0 and 1.1
Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles regarding ecommerce security breaches that…
This is the third post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We want to show how PCI DSS affects…
Read More about PCI for SMB: Requirement 3 & 4 – Secure Cardholder Data
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as updates at the bottom…
Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack that also used GitHub for…
Read More about Malicious Website Cryptominers from GitHub. Part 2.
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised sites without the consent of…
If you are doing website development and have a local repository, or store website backups on your computer, you should strongly consider encrypting these sensitive files. In the event that…
Read More about Using a VeraCrypt File Container to Encrypt Local Website Files
