How do I Know if a Website is Safe to Use my Credit Card?

With regular news stories about companies being hacked, database breaches, internet-breaking vulnerabilities and online credit card theft, web users are justifiably anxious about making online purchases for fear that their personal information will be compromised by attackers. But where does legitimate concern end and outright paranoia begin? In this post I will try to dispel some of this anxiety and equip users with knowledge on how to make safe purchases online.

It’s a Big, Scary Web

In a previous two-part series on this blog we gave a general overview of the web’s ecommerce environment and discussed why some websites are more prone to credit card theft than others.

Continue reading How do I Know if a Website is Safe to Use my Credit Card? at Sucuri Blog.

Most Interesting Vulnerabilities of 2021

As with most years, there’s been a wide array of critical vulnerabilities found within content management systems, plugins, API keys, etc. We’ll be recapping our discoveries and how these vulnerabilities were exploited, or potentially could have been. 

Adobe Patches Critical Magento Vulnerabilities

This past year, Adobe released several critical security patches for both their commercial and open source ecommerce platforms. 16 issues were listed in the patch notes, but only ten vulnerabilities didn’t require any authentication to be exploited.

Continue reading Most Interesting Vulnerabilities of 2021 at Sucuri Blog.

How to Add SSL & Move WordPress from HTTP to HTTPS

Making sure your website uses HTTPS should be a top priority for any webmaster.

In fact, recent statistics show that over 42% of site administrators across the web use WordPress, and many of these sites still don’t have an SSL certificate installed.

The Importance of SSL

Over the past several years, SSL has become increasingly important. Not only is SSL crucial for securely transmitting information to and from a website, but it also matters for search engine visibility.

Continue reading How to Add SSL & Move WordPress from HTTP to HTTPS at Sucuri Blog.

Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites

Security Risk: High

Exploitation Level: Easy

CVSS Score: 9.9 / 7.7

Vulnerability: Privilege Escalation, SQL Injection

Patched Version: 4.1.5.3

Last week, Marc Montpas, a security researcher at Automattic, discovered two severe security vulnerabilities within one of the most popular SEO plugins used by WordPress website owners: All in One SEO. The plugin is used by more than three million websites and, if left unpatched, the vulnerabilities could cause some serious headaches for WordPress users.

Continue reading Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites at Sucuri Blog.

How to Find and Fix a WordPress Pharma Hack

Did you know that one quarter of all spam emails are attributed to pharmaceutical ads? Pharma hacks go beyond the inbox and spam websites by redirecting traffic and adding fake keywords and subdomains to the search results.

Why and how did the medical world get tangled up in spam emails, SEO spam, redirects, and website spam injection?

The answer is – money.

The Ways and Means Committee (responsible for taxation and budget recommendations) stated in their 2019 report that Americans pay anywhere from 4x to 67x the price paid in other countries for the same drug.

Continue reading How to Find and Fix a WordPress Pharma Hack at Sucuri Blog.

Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants

A critical server security vulnerability in the Java logging library Log4j is taking the internet by storm because code to actively exploit this vulnerability is already widely distributed across the web. Originally found on the popular game Minecraft, it has since been shown to affect most web servers running Apache along with its ubiquitous logging library Log4j. It has been actively exploited by threat actors across the web. It is easily the most severe vulnerability of 2021, clocking in at 10/10 on the CVSS scale.

Continue reading Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants at Sucuri Blog.
