The Importance of Website Backups

Today is World Backup Day. This date was created to remind people of the importance of having backups set up for everything that matters. I am pretty sure your website falls into the category of precious digital assets.  
Why are website backups impor…

How Do Websites Get Hacked?

As much as the web has grown, surprisingly not a lot has changed in how websites get hacked.
The most important thing you can do in keeping the web – and your own sites and visitors – safe is to understand these unchanging truths and hold them close t…

Trojan Spyware and BEC Attacks

When it comes to an organization’s security, business email compromise (BEC) attacks are a big problem. One primary reason impacts are so significant is that attacks often use a human victim to authorize a fraudulent transaction to bypass existing sec…

UCEPROTECT: When RBLs Go Bad

Realtime Blackhole Lists (RBLs) can be a great tool in your security arsenal. You may not know you’re using them, but all email providers and company email servers leverage these services to verify whether servers and IP addresses are sending spam or …

Optimizing Performance and Behavior with WordPress and the Sucuri WAF

Aside from providing significant protection from a wide range of threats, the Sucuri WAF also acts as a CDN due to its caching capabilities and regional PoPs — often performing even better than dedicated CDNs based on recent tests.
CDNs can significan…

Phishing & Malspam with Leaf PHPMailer

It’s common knowledge that attackers often use email as a delivery mechanism for their malicious activity — which can range from enticing victims to click a phishing URL or download a malicious attachment.
To support these activities, attackers seek o…

Real-Time Phishing Kit Targets Brazilian Central Bank

We recently found an interesting phishing kit on a compromised website that has QR code capabilities, along with the ability to control the phishing page in real time. What our investigation revealed was that attackers were leveraging PIX, a new payme…

Evaluating Cookies to Hide Backdoors

Identifying website backdoors is not always an easy task. Since a backdoor’s primary function is to conceal itself while providing unauthorized access, backdoors are often developed using a variety of techniques that can make them challenging to detect.
For e…

The Dangers of Using Abandoned Plugins & Themes

It’s not very often that we see abandoned components being used on a website — but when we do, it’s most often because the website was exhibiting malware-like behavior and we were called to investigate and clean up the site.
Old and abandoned plugins …

Obfuscation Techniques in MARIJUANA Shell “Bypass”

Attackers are always trying to come up with new ways to evade detection from the wide range of security controls available for web applications. This also extends to malware like PHP shells, which are typically left on compromised websites as a backdo…