W97M/Downloader Malware Dropper Served from Compromised Websites

W97M/Downloader is part of a large banking malware operation that peaked in March 2016. Bad actors have been distributing this campaign, which serves as a doorway to the Vawtrak and Dridex banking trojans, for well over a year. This malware campaign target…

Who is Responsible for the Security of Your Website?

On a daily basis at Sucuri, we hear things like:
“My host takes care of my website security.”
“I have never been hacked, so why should I care?”
Or here’s a personal favorite:
“I’ll take care of it if (when) it…

Hackers Breach Stack Overflow Q&A Site, Some Users’ Data Exposed

Note: We have updated this story to reflect new information after Stack Overflow changed its original announcement and shared more details on the security incident.

Stack Overflow, one of the largest question and answer sites for programmers, revealed…

Bluetooth Flaw Found in Google Titan Security Keys; Get Free Replacement

A team of security researchers at Microsoft discovered a potentially serious vulnerability in the Bluetooth-supported version of Google’s Titan Security Keys that could not be patched with a software update.

However, users do not need to worry as Goog…

Persistent Cross-site Scripting in WP Live Chat Support Plugin

During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability affecting 60,000+ users of the WP Live Chat Support WordPress plugin.
Current State of the Vulnerability
Thoug…

WordPress Plugin Give – Stored XSS for Donors

Give is a WordPress plugin which allows users to set up a donation page on a website. It currently has 60k installs.
During a recent audit of the plugin, we found a severe vulnerability which allows donors to inject arbitrar…

Multiple Vulnerabilities in the WordPress Ultimate Member Plugin

The Ultimate Member plugin version 2.0.45 and lower is affected by multiple vulnerabilities, among them a critical vulnerability allowing malicious users to read and delete your wp-config.php file, which can lead to a complete website takeover.
All…

Free Website Security Consultation for GoDaddy Pros

Sucuri is partnering with GoDaddy Pro to make the internet more secure, one website professional at a time. Developers, designers, agencies, and freelancers now have an exclusive avenue to level up security knowledge and differentiate their businesses…

Replica Spam on Poorly Maintained ASP Site

Although the majority of sites we work on are powered by PHP, we still have clients whose sites use other programming languages.
The other day we cleaned an ASP site where we found a web.config file (the ASP.NET version of .htaccess) with these instru…