With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL certificate allows you to make that transition with your website. But it can also have an unintended consequence for sites that have been operating on HTTP previously: Mixed content issues and warnings.

In this post, we’ll take a look at common reasons for mixed content errors, what causes them, and how you can fix them on your website.

Continue reading How to Quickly Find & Fix Mixed Content Issues (SSL/HTTPS) at Sucuri Blog.

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.

To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.

The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.

Continue reading WordPress Vulnerability & Patch Roundup August 2023 at Sucuri Blog.

Today’s story starts much the same as many others on this blog: A new client came to us reporting that credit card details were being compromised from their checkout page. The website owner had even been contacted by a major credit card company who had identified their domain as a “common point point of purchase” of reportedly compromised cards. Thus begins our investigation into tracking down the culprit.

Magecart infections in OpenCart

Magecart is the nickname given to web-based malware that harvests credit card data from compromised ecommerce websites.

Continue reading Compromised OpenCart Payment Module Steals Credit Card Information at Sucuri Blog.

A question we frequently get from new users as they’re onboarding is: why does WordPress get hacked? Of course, this question makes sense in this context; it’s extremely frustrating to find out that your WordPress website has been compromised and you need to tackle an infection or increase security controls. Surely you’d want to understand why.

However — while all websites are susceptible to hacks, certain errors could be increasing the vulnerability of your website.

Continue reading Why WordPress Gets Hacked at Sucuri Blog.

Last week on August 8th, 2023, Adobe released a critical security patch for Adobe Commerce and the Magento Open Source CMS. The patch provides fixes for three vulnerabilities which affect the popular ecommerce platforms. Successful exploitation could lead to arbitrary code execution, privilege escalation and arbitrary file system read.

Affected versions of Magento Open Source are as follows:

• 2.4.6-p1 and earlier
• 2.4.5-p3 and earlier
• 2.4.4-p4 and earlier

Website administrators are advised to update their software immediately to mitigate risk to their Magento and Adobe Commerce environments.

Continue reading Critical Security Update for Magento Open Source & Adobe Commerce at Sucuri Blog.

A vast majority of website malware employ the ever-familiar HTTP/HTTPS protocols for its malicious activities. But, we also periodically confront more interesting hybrid malware leveraging various other internet protocols. For example, malware sending email spam, DDoS tools creating floods of UDP packets, bruteforce tools trying to guess SSH credentials, phishing and credit card skimming malware exfiltrating data via web sockets, telegram bots — the list goes on.

During a recent investigation, we encountered a rather interesting piece of JavaScript malware that indirectly uses the DNS protocol to obtain redirect URLs.

Continue reading From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail at Sucuri Blog.