Website Security News
Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles regarding ecommerce security breaches that steal credit card information, as well as the risks for ecommerce site owners. There can…
This is the third post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We want to show how PCI DSS affects…
Read More about PCI for SMB: Requirement 3 & 4 – Secure Cardholder Data
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as updates at the bottom…
Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack that also used GitHub for…
Read More about Malicious Website Cryptominers from GitHub. Part 2.
Last month we wrote about how the emergence of website cryptocurrency miners resulted in hackers abusing the technology by injecting the CoinHive miners into compromised sites without the consent of…
If you are doing website development and have a local repository, or store website backups on your computer, you should strongly consider encrypting these sensitive files. In the event that…
Read More about Using a VeraCrypt File Container to Encrypt Local Website Files
When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into different locations to increase…
PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single executable file. It also boasts…
Read More about Code Injection in Signed PHP Archives (Phar)
SSL certificates are a hot topic today. Website owners are becoming increasingly aware that collecting information on non-HTTPS secured pages is a bad idea and the larger web ecosystem is…
Update: We have created a guide to help website owners learn how to implement SSL on websites for free. Much of the web continues to march towards creating secure communications…
Read More about Troubleshooting Mixed Content Warnings with HTTPS
Web developers today rely on various third-party APIs. For example, these APIs allow you to accept credit card payments, integrate a social network with your website, or clear your CDN’s…
Read More about Beware of Unverified TLS Certificates in PHP & Python
