Tips for New Remote Workers

With the new pandemic hovering over our heads, the main piece of advice from most countries is stay home. Working remotely is a new reality for many people around the world, and Sucuri can help you make this new endeavor easier for you. We have been an entirely remote team since the creation of the company, more than 10 years ago.

Working from home has its perks and challenges. We asked our colleagues what recommendations they had for people who are starting to work from home as well as some advice to mitigate cybersecurity risks.

Continue reading Tips for New Remote Workers at Sucuri Blog.

Safe Browsing During a Pandemic: How to Spot COVID-19 Phishing Campaigns

Online bad actors tend to take advantage of tragedy for their own gain – and the coronavirus is no different.

While we would hope that cybercriminals would be sympathetic during a global health crisis, it already appears this may be a pipe dream. As the virus spread across the world causing shutdowns and quarantines, cybersecurity analysts began seeing coronavirus and COVID-19-themed cyberattacks in the wild. In the Czech Republic, a hospital that was a designated testing center was hit with ransomware.

Continue reading Safe Browsing During a Pandemic: How to Spot COVID-19 Phishing Campaigns at Sucuri Blog.

Free Sucuri WAF for Medical & Social Services

During the COVID-19 pandemic, there is concern about health systems worldwide. Many people in isolation or self-quarantine are looking for accurate medical information online on a daily basis.

As a result, it is crucial that public health and social service websites remain available. We want to prevent malicious users from abusing these types of websites. So, we decided to stand up and do something about it.

Free year of the Sucuri WAF for crisis responders

Sucuri is going to provide crisis responders with a free website firewall for one year during the coronavirus pandemic.

Continue reading Free Sucuri WAF for Medical & Social Services at Sucuri Blog.

Assemble the Cookies

When we investigate compromised websites, it’s not unusual to find malicious files that have been obfuscated through forms of encoding or encryption — however, these are not the only methods that attackers use to obfuscate code.

Obfuscation via Predefined PHP Variables

Here’s an example of obfuscation that doesn’t use encoding or encryption in any way:


Instead, this example splits a PHP predefined variable, $_COOKIE, into segmented strings assigned to variables before concatenating them.

Continue reading Assemble the Cookies at Sucuri Blog.

2020 Website Security Glossary

As the online threat landscape continues to evolve, so too does the language we use to describe it. To support a safer internet for everyone, we’ve compiled this glossary. Based on our research, this is today’s most relevant terminology in website security.


Adware: Often in the form of browser pop-ups or unclosable windows, adware displays advertisements which then generate revenue for the attacker

AntiVirus (Website): A website security system designed to detect and destroy malware that infects websites.

Continue reading 2020 Website Security Glossary at Sucuri Blog.

3-D Secure SMS-OTP Phishing

One of our remediation analysts Eli Trevino recently discovered a phishing page informing victims about fake Netflix service disruptions, supposedly due to problems with the victim’s payment method.

The phishing page prompts victims to provide their payment details to prevent account lockout:

What’s interesting about this phishing page is that it selectively targets victims within a specific geographic region: France. The attackers use French for the page content, and the country calling code is default set to 33 which is designated for calls made to France.

Continue reading 3-D Secure SMS-OTP Phishing at Sucuri Blog.

Pin It on Pinterest