Sucuri Enhances Security by Disabling TLS Version 1.0 and 1.1

Protecting our users’ information and privacy is extremely important to us. As a cloud-based security service, we are fully committed to complying with the PCI Data Security Standards (PCI DSS) requirements. That is why Sucuri disabled support for TLS versions 1.0 and 1.1 on our WAF/CDN edge nodes on June 28, 2018.
What Is TLS?
Transport Layer Security (TLS) is a cryptographic protocol used to enhance the security of a communication channel by encrypting the traffic between the parties involved.
Continue reading Sucuri Enhances Security by Disabling TLS Version 1.0 and 1.1 at Sucuri Blog.


Less Than One Month Until Google Chrome Marks HTTP Sites “Not Secure”

This post was authored by Jason Wood, founder of Paladin Security, a host on Security Weekly and commentator on Hack Naked News. This post is sponsored by DigiCert. There are a number of changes coming up to how Google Chrome warns people about the use (or lack of use) of encryption. The most immediate […]
The post Less Than One Month Until Google Chrome Marks HTTP Sites “Not Secure” appeared first on Security Weekly.


What is PCI Compliance?

Sucuri aims at keeping the internet safe. That is why we are so keen on informing our customers of potential threats. We have posted many articles regarding ecommerce security breaches that steal credit card information, as well as the risks for ecommerce site owners.
There can be many dangers when purchasing through a website, and with so many cyber threats attacking ecommerce platforms and payment gateways, it’s more important than ever to reassure your customers by implementing and maintaining Payment Card Industry (PCI) Compliance.
Continue reading What is PCI Compliance? at Sucuri Blog.


PCI for SMB: Requirement 3 & 4 – Secure Cardholder Data

This is the third post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We want to show how PCI DSS affects small, medium, and large businesses that are going through the compliance process using the PCI SAQs (Self-Assessment Questionnaires). In the previous articles we have written about PCI, we covered requirements 1 and 2:

Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.

Continue reading PCI for SMB: Requirement 3 & 4 – Secure Cardholder Data at Sucuri Blog.


Unwanted Ads via Baidu Links

The malware attack that began as an installation of malicious Injectbody/Injectscr WordPress plugins back in February has evolved since then.
Some of the changes were documented as Updates at the bottom of the original blog post; however, every week we see minor modifications in the way they obfuscate the scripts or the files they inject them into.
Encrypted WordPress JavaScript Files
At this moment, the most common injection targets are core WordPress JavaScript files:
Hackers add the malicious code and then obfuscate the entire file contents along with the original legitimate code so that the only way to clean the files without breaking the site functionality is to replace them with their original clean copies.
Continue reading Unwanted Ads via Baidu Links at Sucuri Blog.


libsodium – Easy-to-use Software Library For Encryption

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API, and an extended API to improve usability even further.

Its goal is to provide all of the core operations needed to build higher-level cryptographic tools. Sodium supports a variety of compilers and operating systems, including Windows (with MinGW or Visual Studio, x86 and x64), iOS, Android, as well as JavaScript and WebAssembly.
Read the rest of libsodium – Easy-to-use Software Library For Encryption now! Only available at Darknet.