Website Security News
It isn’t easy to be secure all the time — this is especially true if you are new to cybersecurity. A well-formed security plan takes deliberate effort at the very least, and constant vigilance at most. Even the top experts have room to improve because…
Read More about Safer Internet Day: Security vs. Convenience
Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our research team likes to dig…
Read More about Spam Injector Disguised as License Key in WordPress Website
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP…
During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out that cryptominers were running on visitor’s computers when they accessed our…
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques including whitelists, blacklists, and…
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. “www.example.com”, where “www” is a subdomain, “example” is…
Read More about CoinImp Cryptominer and Fully Qualified Domain Names
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we are fully committed to complying with the PCI Data Security Standards (PCI DSS)…
Read More about Sucuri Enhances Security by Disabling TLS Version 1.0 and 1.1
Update: Read our new PCI Compliance guide. Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted…
Update: Read our new PCI Compliance guide. This is the third post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We…
Read More about PCI for SMB: Requirement 3 & 4 – Secure Cardholder Data
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as updates at the bottom…
Recently we wrote about how GitHub/GitHub.io was used in attacks that injected cryptocurrency miners into compromised websites. Around the same time, we noticed another attack that also used GitHub for…
Read More about Malicious Website Cryptominers from GitHub. Part 2.
