Collaborate Disseminate
The Center for Internet Security (CIS) will leverage a cloud-based service from Qualys that will enable CIS to notify members of expiring, vulnerable or misconfigured site certificates as part of the customized monthly reports they already receive. Qu… Continue reading Qualys Partners With CIS to Identify Lapsed Site Certificates
Here at Sucuri most of the malware that we deal with is on CMS platforms like:
WordPress,
Joomla,
Drupal,
Magento,
and others.
But every now and then we come across something a little different.
Blackhat SEO Infection in Typo3
Just recently, I disco… Continue reading Typo 3 Spam Infection
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store.
A WordPress security company—calle… Continue reading Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension
It feels like yesterday, but it has been 10 years since the domain sucuri.net was registered.
Happy 10th Birthday, Sucuri!
For us, 2009 marks the birth of the brand as it represents the day when the open-source project secured its name. The first Sucu… Continue reading Sucuri’s 10th Anniversary
Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin.
The vulnerable plugin … Continue reading Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress
It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners — spam can lead to the blacklisting of a web host’s mail server IPs, or the domain na… Continue reading Reset Email Account Passwords After a Website Malware Infection
Welcome to the final post to conclude our series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessmen… Continue reading PCI for SMB: Requirement 12 – Maintain an Information Security Policy
Drupal, the popular open-source content management system, has released security updates to address multiple “moderately critical” vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of w… Continue reading Drupal Releases Core CMS Updates to Patch Several Vulnerabilities
Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia.
If you keep track of your site’s activity, the following log may look familiar:
POST: /index.php?s=captcha HTTP/1.1
D… Continue reading ThinkPHP 5.x Remote Code Execution
An unprotected database belonging to JustDial, India’s largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy… Continue reading Over 100 Million JustDial Users’ Personal Data Found Exposed On the Internet