Profile

Denis Sinegubko
Works at Unmask Parasites
Basic Information
Gender
Male
Work
Occupation
security researcher
Employment
  • Unmask Parasites
    Founder, 2008 - present
  • Sucuri, Inc.
    security researcher, 2013 - present
Stream

Denis Sinegubko

Shared publicly  - 
 
 
We see a strong trend in hacking ecommerce sites in order to hijack the payment process and steal customers' credit card details.
Recently we found one more proof of increased attention to ecommerce sites from hackers. On one hacked WordPress site, among other uploaded backdoors, we found quite a big script (>600 lines of code) whose only purpose was to scan the compromised server for online shop sites
We see a strong trend in hacking ecommerce sites in order to hijack the payment process and steal customers' credit card details. During the last couple of years, we wrote multiple times about attacks that target Magento, OpenCart, PrestaShop, WooCommerce and other ecommerce platforms. Recently we found one more proof of increased attention to ecommerce sites from hackers. On one hacked WordPress site, among other uploaded backdoors, we found quite a...

Denis Sinegubko

Shared publicly  - 
 
 
In our PCI for SMB series, let's talk about requirement 2:
do not use vendor-supplied defaults for system passwords or other security parameters.
Third article in our series on PCI Compliance, taking you through each step, showing you how to be PCI compliant. Requirement #2 involves changing defaults.

Denis Sinegubko

Shared publicly  - 
 
 
#Drupal 8.1.4 is now available. This is a patch release, so make sure you update. http://ow.ly/UZbE3021r9v

Denis Sinegubko

Shared publicly  - 
 
 
See you all tomorrow at #WCEU - we'll be happy to meet you at our booth. Feel free to drop by.

Denis Sinegubko

Shared publicly  - 
 
Domain slamming scams may reach you even offline.
 
Domain registrar scams have been around for years. But domain renewal phishing scams are still here, so beware! http://ow.ly/bRWR301urxr
Website owners with public WHOIS records may receive targeted spam designed to look like a bill for domain renewal, including accurate personal information.

Denis Sinegubko

Shared publicly  - 
 
My new post on the +Sucuri Inc. blog about how improper shared server configuration may result in blacklisting of totally secure sites.
 
It's time you talk to your host: phishers abuse hosting temporary URLs http://ow.ly/YUYQ3010ROo
Temporary URLs given by hosting companies can come with security issues that can allow phishers to infect websites on shared server space.

Denis Sinegubko

Shared publicly  - 
 
 
Today we're talking about a new type of phishing: attacking the eCommerce checkout pages.
What is really quite new here is the combination of phishing and infection of legitimate pages. These two used to be separate. Phishers didn't infect legitimate pages, they used emails, fake websites etc.
Now they hijack a legitimate checkout process on legitimate eCommerce sites, making the entire attack even harder to be discovered.
Check your own configs today and do share any findings.
Hackers are attacking WooCommerce and PrestaShop sites by redirecting customers to fake checkout pages on malicious sites using a small JavaScript snippet.

Denis Sinegubko

Shared publicly  - 
 
Interesting...
 
"Quantum computers are a fundamentally different sort of computer that take advantage of aspects of quantum physics to solve certain sorts of problems dramatically faster than conventional computers can. While they will, no doubt, be of huge benefit in some areas of study, some of the problems that they are effective at solving are the ones that we use to secure digital communications. Specifically, if large quantum computers can be built then they may be able to break the asymmetric cryptographic primitives that are currently used in TLS, the security protocol behind HTTPS."

Denis Sinegubko

Shared publicly  - 
 
 
Looking at the WordPress Security Challenges with Tony Perez, CEO of Sucuri
This article highlights five issues I believe to be plaguing the WordPress security community and provides insight on how to overcome them.

Denis Sinegubko

Shared publicly  - 
 
 
You'll soon be getting alerts in Google Analytics if your site is hacked for spam. Head over to the Webmaster Blog to read more about what that means and what to do if your site is hacked.

Denis Sinegubko

Shared publicly  - 
 
 
WordPress 4.5.3 Maintenance and Security Release is now available. Make sure you update today!
WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affec…

Denis Sinegubko

Shared publicly  - 
 
 
Lax security means hackers could steal your Mitsubishi Outlander.

Read more in my article on the +Bitdefender blog:
http://www.hotforsecurity.com/blog/lax-security-means-hackers-could-steal-your-mitsubishi-outlander-14081.html
Source: www.mitsubishi-motors.com
If you’ve got a Mitsubishi Outlander hybrid electric car then you’ve also got a problem. Security researchers at Pen Test Partners have discovered that the top-selling family SUV’s security is fatally flawed because of the unusual method that Mitsubishi used to connect the vehicle to its mobile app. As researcher Ken Munro explains […]