The Hacker Returns: A Backdoor Edition

Once an attacker manages to hack and gain access to a target site or system, they typically work hard to maintain that access for as long as they can, to help them achieve their goals.
You can think of it like having an annoying party-crasher at your …

Fake SSO Used In Multi-Email Provider Phishing

Single sign-on (SSO) allows users to sign into a single account (e.g., Google) and access other services like YouTube or Gmail without authenticating with a separate username and password.
This feature also extends to third-party services such as the po…

Fake Human Verification Spam

We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019.
One of these newly targeted plugins was Advanced Booking Calendar — and it didn’t take long before we were recei…

Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions

A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases.

phpMyAdmin is a free and open source ad…

Misuse of WordPress update_option() function Leads to Website Infections

In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function is used to update a named option/value in the options database table. If developers …

Dissecting the WordPress 5.2.3 Update

Last week, WordPress released version 5.2.3, a security and maintenance update that contained many security fixes. Part of our day-to-day work is to analyse these security releases, discover what security issues they fix and come …

How to Audit & Cleanup WordPress Plugins & Themes

In an interview with Smashing Magazine, our Co-Founder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question:
What Makes WordPress Vulnerable?
“Here’s the simple answer. Old versions of WordPress, along with …

Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection

When our tools don’t automatically detect and clean malicious code, that’s when we start our investigation process—and the majority of these research findings end up on the blog or as a Labs note.
However, other times we update our t…

XKCD Forum Hacked – Over 562,000 Users’ Account Details Leaked

XKCD—one of the most popular webcomic platforms known for its geeky tech humor and other science-laden comic strips on romance, sarcasm, math, and language—has suffered a data breach exposing data of its forum users.

The security breach occurred two m…

What is Cryptocurrency Mining Malware?

Before we get into the details of “Cryptocurrency Mining Malware”, we first need to understand what cryptocurrency is and what miners are.
What is Cryptocurrency?
Cryptocurrency is best thought of as digital currency and it only exis…