From .tk Redirects to PushKa Browser Notification Scam

In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites.
This campaign leverages old vulnerabilities (patched a long time ago) found in a variety of outdated theme…

Attacks on Closed WordPress Plugins

The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly.
However, bad actors are actively monitoring the WordPress plugin repository,…

DDoS Targeting WordPress Search

Have you ever stopped to think about how many resources a search engine has or if your website could handle the same amount of search traffic that Google does?
Search engines play an important role on the internet and with how websites perform. One ma…

Malware Campaigns Sharing Network Resources: r00ts.ninja

We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large-scale malware campaign (e.g. redirected traffic, cryptomining). This was discovered when reviewing sources of the var…

TYPO3 Overtakes WordPress as Most Attacked CMS Due to Popularity

It all started with a Twitter Poll we put out a couple of weeks ago, trying to find out what is the most used CMS by our customers. We added the usual suspects in the poll options; WordPress, Joomla, Drupal. We casually added an “Other” op…

Critical Magento SQL Injection Vulnerability Discovered – Patch Your Sites

If your online e-commerce business is running over the Magento platform, you must pay attention to this information.

Magento yesterday released new versions of its content management software to address a total of 37 newly-discovered security vulnerab…

How to Choose a Website Security Provider

As more people are creating websites and becoming aware of website security, companies are popping up everywhere to help with the problem. And just like website security plugins, not all website security services are created equal.
Here at Sucuri, we …

New MageCart Attacks Target Bedding Retailers My Pillow and Amerisleep

Cybersecurity researchers today disclosed details of two newly identified Magecart attacks targeting online shoppers of bedding retailers MyPillow and Amerisleep.

Magecart is an umbrella term researchers gave to at least 11 different hacking groups th…

More on Dnsden[.]biz Swipers and Radix Obfuscation

After recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3
#EKFiddle [Regex update]: Added Radix Web Skimmer identified by @unmaskparasites (https://t….

Arbitrary Directory Deletion in WP-Fastest-Cache

The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org:
“A successful attack allows an unauthen…