Home | News | Sucuri Security News (page 10)

Sucuri Security News

Creating a Basic Website Security Framework

When you build or remodel a house, construction workers create a strong framework that can withstand the elements to keep your home and possessions secure. But what happens if you ignore proper building codes and inspections? The resulting risks to health and security are unacceptable. The same concept applies to how you secure your websites and the environments they reside ...

Read More »

Affiliate Cookie Stuffing in iFrames

Inline frames (iFrames) are an easy way to embed content from another site onto your own. This element allows you to insert another document inside an HTML page and can be really useful for embedding interactive applications like Google maps, advertisements and ecommerce applications. iFrame elements are also popular with website attackers because it allows them to easily load malicious ...

Read More »

Intro to Securing an Online Store

Ecommerce websites have one of the most difficult challenges in the web security space – keeping the implicit trust of a customer in order to make them feel safe shopping on the site. Whether the business started as a local brick-and-mortar shop, or deployed online from the start, it’s easy to design a website and organize content. It’s not as ...

Read More »

Mining Adminers – Hackers Scan the Internet For DB Scripts

Hackers are constantly scanning the internet for exploitable sites, which is why even small, new sites should be fully patched and protected. At the same time, it is not feasible to scan the whole internet with 330+ million domains and billions of web pages. Even Google can’t do it, but hackers are always getting better at reconnaissance. Despite these limitations, ...

Read More »

Google Warnings For Form Input Over HTTP Coming in October

For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over HTTPS, which encrypts information sent between the visitor and web server. Recently, we discussed how Google is moving from a reward system to a punitive one. Websites using SSL continue to get an SEO boost since it ...

Read More »

Expired Domain Leads to WordPress Plugin Redirects

A malicious redirect is a snippet of code used by attackers with the intention of redirecting visitors to another site; a very common tactic seen in compromised websites. These redirects often take visitors to phishing, malware, or advertising sites with the intention of capturing sensitive user data, distributing malware and backdoors, or generating advertisement impressions. We’ve written before about how ...

Read More »

Evasion Techniques in Phishing Attacks

We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the Apple ID store and asks for your login information to proceed? This tactic is called phishing, and attacks are exponentially on the rise. Used by hackers to encourage unsuspecting victims to hand ...

Read More »

Personal Security Guide – iOS/Android

We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with personal information. Website owners should consider how their entire digital life can impact the security of their website and visitors. If your phone is compromised, website access can be impacted through access to credentials and sensitive ...

Read More »