Shopping season is here, and so is the opportunity for ecommerce site owners to grow their business and generate revenue. Given the changing global ecommerce climate that this pandemic has produced, it is all the more important to secure your website to protect your users and your revenue streams.
Your online customers depend on you to protect their data implicitly. As an ecommerce website owner, you’re required to follow the PCI-DSS compliance requirements to securely handle cardholder information — even if you don’t process the payments yourself.
Continue reading Securing Your Online Store for the Holidays at Sucuri Blog.
October is National Cyber Security Awareness Month, and we’re back with analyst Antony Garand to take a deeper look into cross-site scripting (XSS) attacks and WordPress plugin vulnerabilities. Plus, host Justin Channell will catch you up on the latest website security news from the Sucuri blog.
For further reading about any of these topics, check out these blogs we reference in the episode:
- WordPress Malware Disables Security Plugins to Avoid Detection
- Critical Vulnerability in File Manager Plugin Affecting 700k WordPress Websites
- Reflected XSS in WordPress Plugin Admin Pages
- Backdoor Shell Dropper Deploys CMS-Specific Malware
- Magento Multiversion (1.x/2.x) Backdoor
Hello and welcome to the Sucuri Sit-Down.
Continue reading Sucuri Sit-Down Episode 4: XSS & WP Plugin Vulnerabilities with Antony Garand at Sucuri Blog.
During a recent investigation, a Magento admin login phishing page was found on a compromised website using the file name wp-order.php. This is an odd file name choice for a Magento phishing page, but nevertheless it successfully loads a legitimate-looking Magento 1.x login page.
What is not immediately visible or apparent to victims, however, is that the page elements like the images and CSS structure are almost all loaded from a malicious domain: orderline[.]club.
Harvesting Magento Login Credentials
For stolen data exfiltration, the phishing page uses a technique that doesn’t require a separate PHP file or rely on PHP functions to send out an email to the attacker, which is what we often find for exfiltration on phishing pages like this.
During a recent investigation, we found an infected website was redirecting to YouTube after its main index.php file had been modified to include the following line of HTML:
<meta http-equiv='refresh' content='2;url=https://youtu.be/fsqzjDAO2Ug'>
This technique works because it’s possible to use HTML within .php files — as long as the HTML is outside the PHP code tags.
In this case, the HTML is the only code that exists, so there are no PHP tags to avoid.
Continue reading Redirects to YouTube Defacement Channel at Sucuri Blog.
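A defender-side check for the redirect pattern described above, as an added example that is not from the original post: it reports meta refresh tags that sit in literal HTML outside PHP tags in a .php file. The function names and the samples other than the quoted redirect line are constructed, and the PHP-tag splitting is a regex approximation, not a real PHP tokenizer.

```python
import re

# PHP open tags (<?php, <?=, short <?) up to the closing ?> or end of file.
# Simplification: a "?>" inside a PHP string or comment also ends the block.
PHP_BLOCK = re.compile(r"<\?(?:php\b|=)?.*?(?:\?>|\Z)", re.I | re.S)
META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))""")
CONTENT = re.compile(r"""^\s*(\d+(?:\.\d+)?)\s*[;,]\s*(?:url\s*=\s*)?['"]?(.*?)['"]?\s*$""", re.I)

def html_outside_php(source):
    """Blank out PHP blocks, keeping newlines so line numbers still match."""
    return PHP_BLOCK.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)

def find_meta_refresh(source):
    """Return (line, delay_seconds, target_url) for each refresh in literal HTML."""
    html = html_outside_php(source)
    hits = []
    for tag in META_TAG.finditer(html):
        attrs = {}
        for m in ATTR.finditer(tag.group(0)):
            value = next(g for g in m.groups()[1:] if g is not None)
            attrs[m.group(1).lower()] = value
        if attrs.get("http-equiv", "").lower() != "refresh":
            continue
        parsed = CONTENT.match(attrs.get("content", ""))
        if parsed and parsed.group(2):
            line = html.count("\n", 0, tag.start()) + 1
            hits.append((line, float(parsed.group(1)), parsed.group(2)))
    return hits

# Constructed samples. ONLY_HTML is the injected line quoted above on its own.
ONLY_HTML = "<meta http-equiv='refresh' content='2;url=https://youtu.be/fsqzjDAO2Ug'>\n"
# Redirect placed after a closed PHP block (placeholder target).
AFTER_PHP = ('<?php\n$x = 1;\n?>\n<p>hi</p>\n'
             '<META HTTP-EQUIV="Refresh" CONTENT="0; URL=https://redirect.example/">\n')
# Same markup inside a PHP comment: not literal HTML, so not reported.
IN_PHP = ("<?php\n// <meta http-equiv='refresh' content='2;url=https://redirect.example/'>\n"
          "echo 'ok';\n")

if __name__ == "__main__":
    for name, src in [("ONLY_HTML", ONLY_HTML), ("AFTER_PHP", AFTER_PHP), ("IN_PHP", IN_PHP)]:
        print(name, find_meta_refresh(src))
```

A redirect that PHP code itself echoes or sends as a header is outside what this check covers; it only looks at markup the server emits verbatim.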
The responsibility of ensuring that a website is protected falls on the website owner, but the security expectation may fall on the web service provider too.
As a professional, you are the trusted party and first point of contact.
Much of what your clients learn about web technology and security specifically comes from you. In other words, you have the ability to impact your client’s online security posture.
Continue reading Opening the Conversation about Website Security at Sucuri Blog.