Sucuri Security
22,010 followers
New Thinking 
Abdul Noormohamed 
Lady_Verta 
The Deceptive Site Ahead warning is used by #Google to flag websites that are found to contain harmful #phishing or #socialengineering attacks. By @RiannaMacLeod
#malware #websitesecurity #infosec
sucur.it/3jafS5K
Shady #browser #extensions, stealers downloads from #Discord, unwanted #redirects — thousands of hacked #WordPress sites with track.violetlovelines[.com injection work as a platform for a black hat ad network. Research by @unmaskparasites and @_jamsec.
sucur.it/3wpOJP8
2 for 1 deal: It's not uncommon to find more than one type of #malware on a compromised #WordPress site. Research by @buzzygingersnap.
#infosec #websitesecurity #redirects
sucur.it/3XrjLC8
Yes — #WordPress core is safe to use, but only if you maintain it to the latest version and harden the admin login page. Always patch your #plugins and #themes and use strong, unique #passwords for all your accounts!
#websitesecurity
sucur.it/3J0QV7r
Critical errors in #WordPress can occur for a myriad of reasons — but in many cases, they’re the result of conflicts in #plugins, #theme files, or #PHP related issues.
#infosec #websitesecurity #WP
sucur.it/3QAkOwU
Using unsafe characters in paths? Just don't. Unsafe characters can lead to false positives in #web application #firewalls and interpretation problems for web #browsers and #servers. By @marckranat.
#waf #infosec #websitesecurity
sucur.it/3vQZ7iN
Found unwanted ads or redirects on your #Weebly site? Check for hidden custom #code blocks and edits to your header.html file.
#malware #websiteinfection #infosec
sucur.it/3ii8eFW
Another year closer to cookiepocalypse? #Google might be planning to stop the use of third-party #cookies by 2024, but that doesn't protect your #privacy now. @v_santoyo brings the latest on cookies and personal privacy.
#websitesecurity #infosec
sucur.it/3Z2UGih
New security releases and patches are available. Always patch #WordPress core along with any #themes or #plugins to the latest version to mitigate risk and protect your site!
#WP #websitesecurity
sucur.it/3GrGZlH
Always keep a recent working copy of your #WordPress files stored off your #server in a secure location to prevent unauthorized access to wp-config.php.
#websitesecurity #OWASP #infosec
sucur.it/3jciSxZ
Fake #domains leveraging popular resources? Not a new technique. Attackers are using the #jQuery0 domain name to trick visitors and #webmasters into thinking sites are loading legitimate #jQuery resources. Research by @buzzygingersnap.
sucur.it/3G6PYZ3
#Backdoors are often #exploited by attackers long after initial infection has occurred. Keep your #software patched and scan your site regularly for IoC's! By @KrasimirSec
#websitesecurity #infosec #owasp
sucur.it/3W3sUAe
Input validation rule #1: Never, ever trust user input.
#websitesecurity #infosec #xss #sqli #owasp
sucur.it/3hn7DCi
Doing some online #shopping this #holiday season? Consider using a virtual card to mitigate risk to your accounts. And keep an eye out for #skimmers at brick-and-mortar shops!
#PCI #ecommerce #infosec
sucur.it/3BlKt63
This #malicious #JavaScript (detected on over 170 websites so far) redirects site visitors to fake #captcha spam and is found injected into #WordPress #plugins via the _inc.tmp file.
#infosec #websitesecurity
sucur.it/3VIMS3a
Offshore gambling sites and #apps targeting Chinese speaking users are #hacking thousands of sites in their black hat #SEO campaigns. And now, they're monetizing interest with the Qatar #FIFA World Cup. Research by @unmaskparasites.
#infosec
sucur.it/3FkfHNu
New #security releases and patches are available. Always patch #WordPress core along with any #themes or #plugins with the latest versions to mitigate risk!
#websitesecurity #infosec #WP
sucur.it/3OLwrQF
We've observed a change in obfuscation for the latest wave of cid=27x #SocGholish campaigns, which are now based on the #javascript-obfuscator library. Research by @unmaskparasites.
#infosec #websitesecurity #malware
blog.sucuri.net/2022/11/new-wa…
FTP? Nah — try installing and managing #WordPress via #SSH for a more convenient (and secure) #WP experience!
#infosec #websitesecurity
sucur.it/3EvVm67
To prevent your #website from serving malicious #software to visitors, implement hardening techniques to reduce the risk of a compromise.
#malware #infosec #websitesecurity
sucur.it/3V1SUeV
Join us November 16th for our webinar with John Booker on how to Virtually Patch your website for vulnerabilities and why.
#infosec #wordpress #websitesecurity twitter.com/i/broadcasts/1…
This new #SocGholish variant loads #malware from a zipped template and encoded #WordPress database record. Research by @_jamsec and @unmaskparasites.
#infosec #websitesecurity
sucur.it/3UV03O5
If you care about your site and visitors, you’ll want to take steps to harden your #website against attacks. These techniques can help reduce risk from automated attacks, known #vulnerabilities, and strengthen any weak access points.
#infosec
sucur.it/3UnTmDI
Join @v_santoyo if you own or manage an #ecommerce website or if you are planning to start your online store in time for the holidays.
#PCI #websitesecurity #infosec twitter.com/GoDaddyPro/sta…
If you want to use resources from another #server apart from your own, you’re going to need to use #CORS. But make sure you configure CORS correctly to avoid #vulnerabilities! By @RiannaMacLeod
#infosec #websitesecurity #hosting
sucur.it/3ft9xk5
Don’t make it a sweet Black Friday for #skimmers. Six #ecommerce #security threats to look out for during #BlackFriday and #CyberMonday.
#infosec #BeCyberSmart #PCI
sucur.it/3TW6oIt
New #security releases and patches are available. Patch #WordPress core and #plugins to the latest versions to mitigate risk!
#NCSAM2022 #BeCyberSmart #websitesecurity
sucur.it/3TOY39s
Not sure if it's #malware or a #virus? What's the difference, anyways? In our latest post, Stephen lays it all out on the table with steps on how to check.
#infosec #NCSAM2022 #BeCyberSmart
sucur.it/3NaM2bL
When #hackers are able to compromise an environment, they can tamper with important #security controls to evade detection and execute #malicious behavior. Research by @_jamsec
#infosec #NCSAM2022 #websitesecurity #SEO
sucur.it/3SiCIDJ
Any #malware that overloads the #server can lead to 503 errors. For example, #cryptominer malware is designed to abuse the resources and often results in maxed out CPU... @RiannaMacLeod explains the why and how to fix.
#infosec #WordPress #NCSAM2022
sucur.it/3EVk9CC
If not performed correctly, debugging in #WordPress can inadvertently lead to sensitive data exposure on your #website. Read how to securely #debug errors in #WP.
#NCSAM2022 #BeCyberSmart #Infosec
sucur.it/3Muc35y
A GoDaddy/Sucuri co-hosted #webinar where we cover the latest findings from our SiteCheck #Malware Trends quarterly report. We’ll shed light on some of the most common malware infections detected on websites last quarter with our remote scanner. twitter.com/i/broadcasts/1…
How do #malware attacks work? We clarify the importance of prioritizing defense against attacks, and explain how to prevent and recover from an attack.
#infosec #websitesecurity #NCSAM2022
blog.sucuri.net/2022/10/what-i…
Here are 12 best practices to improve #Joomla! security by @v_santoyo
#websitesecurity #infosec #CMS
blog.sucuri.net/2022/10/how-to…
Vulnerability researcher Antony Garand rounds-up the top #WordPress #plugin #vulnerabilities and updates for September, 2022.
#infosec #websitesecurity
blog.sucuri.net/2022/09/wordpr…
This latest wave of variants targets #WordPress sites and employs new #obfuscation and #exploitation techniques to serve fake #DDoS warnings and coerce victims into downloading RATs. Research by @_jamsec.
#infosec #websitesecurity
blog.sucuri.net/2022/09/new-ma…
If your #Google ad was recently disapproved due to #malicious #software, you’ll need to identify issue and clean up the #malware from your site before you appeal and submit the ad for approval again.
#infosec #websitesecurity #PPC
blog.sucuri.net/2022/09/how-to…
A month ago I hosted @Kherbrandson and @KaraElizaF of @sucurisecurity at our regular @GoDaddyPro #EMEA meetup & we learned some great tips about #WordPress #website #security and #malware removal. So enjoy the highlights of our event!
1. About WAF & CDN ...
Retweeted by Sucuri Security Keeping your #software updated with the latest #security patches is essential for protecting your #site from attackers looking to exploit known #vulnerabilities. In the event you can't update right away, virtual #patching can help deter attacks.
blog.sucuri.net/2022/09/a-guid…
PSA: #Magento store owners should completely remove, reinstall, and upgrade all instances of #FishPig #software present within their environment and check their systems for any signs of infection.
#websitesecurity #malware #infosec
blog.sucuri.net/2022/09/magent…
Top Security tips with @v_santoyo
#infosec #websitesecurity #BeCyberSmart twitter.com/v_santoyo/stat…
#SEO #spam in Visual Composer raw #HTML blocks — and some tips on how to find these spam links in your database.
#infosec #becybersmart #websitesecurity
blog.sucuri.net/2022/09/gambli…
#Clickjacking can lure site visitors into performing actions like downloading #malware or transferring money to target accounts. It can even exploit auto-fill functionalities in #password managers.
#BeCyberSmart #infosec #websitesecurity
blog.sucuri.net/2022/09/what-i…
When a website is #hacked symptoms sometimes include unfamiliar and strangely located #favicon or .ico files. Learn how attackers use favicons in #malware and steps you can take to detect and cleanup the malicious files.
#infosec #BeCyberSmart
blog.sucuri.net/2022/09/how-ar…
Learn about what a #500 internal #server error is, potential causes, and how to troubleshoot it.
#websitesecurity #infosec
blog.sucuri.net/2022/09/what-i…
Vulnerability researcher Antony Garand rounds-up the top #WordPress #plugin vulnerabilities and updates for August 2022.
#infosec #cybersecurity #BeCyberSmart
blog.sucuri.net/2022/08/wordpr…
According to our data nearly 60% of all #skimmers externally detected by our SiteCheck tool were targeting #WordPress #CMS so far this year. By @_jamsec
#infosec #PCI #cybersecurity
blog.sucuri.net/2022/08/examin…
A recent surge in #JavaScript injections targeting #WordPress sites has resulted in fake #DDoS prevent prompts which lead victims to download remote access trojan #malware . Analysis by by @_jamsec.
#infosec #cybersecurity
blog.sucuri.net/2022/08/fake-d…
Tracking #SocGholish for the last 5 years: massive #website #hacks ➔ Fake Updates ➔ #ransomware
Analysis by @unmaskparasites
#infosec #cybersecurity
blog.sucuri.net/2022/08/socgho…
Twiends™ uses the Twitter™ API, displays it's logo & trademarks, and is not endorsed or certified by them. These items remain the property of Twitter.
We do not sell followers, we only provide display advertising. Bots & fake accounts are not permitted on twiends. © 2009