Collaborate Disseminate
We recently found a simple malicious script leveraging Magento’s internal functions to create a new admin user with the admin role “Inchoo” — probably referring to a Croatian Magento consulting company.
The script is sim… Continue reading Malicious Magento User Creator
Fake WordPress plugins appear to be trending as an effective way of establishing a foothold on compromised websites.
During a recent investigation, we discovered a fake component which was masquerading as a legitimate plugin. Named SiteSpeed, it conta… Continue reading Fake WordPress Plugin SiteSpeed Serves Malicious Ads & Backdoors
In today’s internet age we take our privacy for granted. We sign up for many services which are “free.” We participate in giveaways and generally give out information about ourselves all the time to websites that might not be very re… Continue reading How to Protect Personally Identifiable Information (PII) from Search Engines
While we deal with a lot of phishing cases, we rarely see mobile applications used as part of a phishing campaign—these apps add a layer of complexity to the process which deters some bad actors from incorporating into their attack.
To launch a … Continue reading Malicious Android Application Used in Phishing Scam
During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was … Continue reading Malicious Plugin Used to Encrypt WordPress Posts
Logs can be very useful because they are a record of what was done by whom. They are especially useful when you need to find out more on how a website has been compromised. Since our job at Sucuri is to clean website malware, we don’t have any a… Continue reading FTP Logs Used to Determine Attack Vector
These days, the majority of store owners opt-in for the easiest closed-source ecommerce platform options.
For the most part, these platforms typically allow users to customize a template, as well as add images, videos, and some external content via ap… Continue reading Closed Source E-commerce Platforms Can Be Compromised
As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of the reasons why we don’t offer forensic analysis.
Sucuri offers website monitoring, protect… Continue reading The Importance of Website Logs
Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compliant with the EU General Data Protection Regulation (GDPR). Even though cookie usage is mentioned only … Continue reading Cookie Consent Script Used to Distribute Malware
Google, Mozilla, and other web authorities are pushing for website owners to adopt HTTPS. Soon, Google Chrome will start flagging sites by displaying a warning that the site is “Not secure“.
Chrome 68 is already in Beta. Before long, … Continue reading Switching to HTTPS Before It’s Too Late