Backups – The Forgotten Website Security Pillar
Tony Perez I travel a lot (might actually be an understatement these days), but the travel always revolves around a couple of common threads – website security…
Month: July 2014
11 posts
Responsible Disclosure – Sucuri Open Letter to MailPoet and Future Disclosures
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my…
New Brute Force Attacks Exploiting XMLRPC in WordPress
Daniel Cid Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what…
MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due…
Massive Malware Infection Breaking WordPress Sites
Peter Gramantik Update: We identified the root cause: MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites. The last few days has brought about…
SQL Injection Vulnerability – vBulletin 5.x
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member…
Disclosure: Insecure Nonce Generation in WPtouch
Marc-Alexandre Montpas If you use the popular WPtouch plugin (5M+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF,…
Website Malware – Mobile Redirect to BaDoink Porn App
A few weeks ago we reported that we were seeing a huge increase in the number of websites compromised with a hidden redirection to pornographic…
Simplifying the Language of Website Security
David Dede A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and…
Ask Sucuri: Who is Logging into My WordPress Site?
Today, we’re going to revisit our Q&A series. If you have any questions about malware, blacklisting, or security in general, send them to us at:…
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file…