Website Security News
In the past, we’ve mentioned how the PHP XOR bitwise operator (represented by the caret ^) can be used to encrypt a malware’s source code. This operator makes it more difficult to determine if encrypted code is malicious, or if it is trying to protect…
Read More about PHP Backdoor Evaluates XOR Encrypted Requests
It isn’t easy to be secure all the time — this is especially true if you are new to cybersecurity. A well-formed security plan takes deliberate effort at the very…
Read More about Safer Internet Day: Security vs. Convenience
Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our research team likes to dig…
Read More about Spam Injector Disguised as License Key in WordPress Website
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP…
During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out that cryptominers were running on visitor’s computers when they accessed our…
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques including whitelists, blacklists, and…
We are all familiar with the conventional domain name notation, where different levels are concatenated with the full stop character (period). E.g. “www.example.com”, where “www” is a subdomain, “example” is…
Read More about CoinImp Cryptominer and Fully Qualified Domain Names
Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we are fully committed to complying with the PCI Data Security Standards (PCI DSS)…
Read More about Sucuri Enhances Security by Disabling TLS Version 1.0 and 1.1
Update: Read our new PCI Compliance guide. Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted…
Update: Read our new PCI Compliance guide. This is the third post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We…
Read More about PCI for SMB: Requirement 3 & 4 – Secure Cardholder Data
The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then. Some of the changes were documented as updates at the bottom…
