HeartBleed in the Wild

As most of you probably already know, ten days ago security researchers disclosed a very serious vulnerability in the OpenSSL library, which is used to power HTTPS on most websites nowadays. The bug allowed an attacker to extract information that was supposed to be private, including SSL private keys, login data or any other information transmitted via the web site.

It was one of the first security vulnerabilities (code-named HeartBleed) to receive massive media attention, and every webmaster in the world has probably heard about it (at least we hope so).



Critical Update for JetPack WordPress Plugin

The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attacker to bypass the site's access control and publish posts on the site. All versions of JetPack

Patching The Heartbleed OpenSSL Vulnerability

Security researchers have discovered a very serious vulnerability in the OpenSSL library that is used to power HTTPS on most websites. Many news sources are now covering the story, and we recommend reading their articles to understand the scope of

Ad Violations: Why Search Engines Won’t Display Your Site If it’s Infected With Malware

As your site’s webmaster, have you ever seen an e-mail from Google like this: Hello, We wanted to alert you that one of your sites violates our advertising policies. Therefore, we won't be able to run any of your ads that link to that site, and

Thumb Wars: Sucuri Acquires Google Webmaster Tools

Today Sucuri unofficially acquires Google Webmaster Tools. In an effort to combine forces of good, Sucuri officials challenged Google to a thumb wrestling war. Here is a breakdown of the event. Over The Top In a best-of-5 style

JCE Joomla Extension Attacks in the Wild

Our friends from SpiderLabs issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content Editor) vulnerability. JCE is a very popular component that can be found enabled on

Unmasking “Free” Premium WordPress Plugins

WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for premium plugins. Premium plugins are especially popular when they help blogs make money:

Windigo Linux Analysis – Ebury and Cdorked

Our friends over at ESET released a very detailed document about the Windigo Operation. The Windigo Operation has been responsible for the compromise of thousands of Linux servers over the years. When you hear terms like Ebury, CDorked, Calfbot and

Security Exploit Patched on vBulletin – PHP Object Injection

The vBulletin team just issued a warning, and released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8, 4.X, 5.X. They recommend that anyone using vBulletin apply these patches as soon as possible.

Understanding Denial of Service and Brute Force Attacks – WordPress, Joomla, Drupal, vBulletin

Many are likely getting emails with the following subject header: "Large Distributed Brute Force WordPress Attack Underway - 40,000 Attacks Per Minute". Just this week we put out a post titled More Than 162,000 WordPress Sites Used for Distributed