When considering why hackers are attacking websites, you might think that there’s a specific reason they target you as a website owner—your business, your reputation, or your information. The truth is, while it feels personal to the victim, hackers rarely single out specific targets. Most of the time, hackers perform mass searches for specific vulnerabilities, and target these sites collectively.
Before we look at the psychology behind website hacks, we should first break our hackers out into groups based on their motivations.
Continue reading 5 Types of Hackers & Why They Hack at Sucuri Blog.
What are internet cookies, and how should you feel about them? Are they helpful, harmless, dangerous?
Usually, we must let go of one thing to gain another. Cookies are key to our modern online experience with targeted website ads and predictive search text that seems to read our minds. Cookies help us gain a customized online experience, but what do we lose? Are we being manipulated by our own data?
There has been great debate over the ethics of cookies and where to draw the line.
Continue reading A Cheat-Sheet on Internet Cookies – (Who, What, When, Why & How) at Sucuri Blog.
Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware redirects visitors by calling malicious files hosted on third-party infected websites.
Interestingly, the infection stores itself as encoded content in the database and is called through random functions littered throughout plugin files using a very common WordPress function, “get_option”. In this post we will review this infection and its characteristics.
Continue reading Multistage WordPress Redirect Kit at Sucuri Blog.
Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by attackers. Once entered, the attackers syphon off those login details and use them for their own purposes. Sometimes this can just be a nuisance: for example someone entering their Netflix account login information into a bogus page. Things become much more serious when banking information is involved.
Continue reading Analysis of a Phishing Kit (that targets Chase Bank) at Sucuri Blog.
Can you think of an online service that doesn’t require a password?
Everything on the internet requires a password. However, constantly creating and remembering new and ever more complex passwords is no small task.
In fact, 66% of people polled admitted to using the same password more than once because of how hard it is to remember passwords that are considered strong. Taking steps to make passwords easier to remember can also make them easier for hackers to guess.
Continue reading How Passwords Get Hacked at Sucuri Blog.
While unpatched installations of Magento 2 contain many vulnerabilities, I’m going to focus my attention on Magento 1 for this article. This is because Magento 2 provides regularly updated patches for many of the most common vulnerabilities targeting the platform. While Magento 1 also contains patches for many known vulnerabilities, those patches are not currently maintained.
Magento 1 reached its end-of-support on June 30, 2020. When Magento 2 was released, the focus was to improve security, include speed improvements, support the latest PHP installations, include SEO optimizations and provide a more user-friendly interface.
Continue reading 7 Ways to Secure Magento 1 at Sucuri Blog.