Creative Evasion Technique Against Website Firewalls

Sucuri - HTML Encoding Example

During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted to win and surely there had to be a way through the existing evasion controls. This post
Read More

Bogus Mobile-Shortcuts WordPress Plugin Injects SEO Spam

Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites selling luxury goods. Most of the time this involves injecting hundreds of spam links into the
Read More

Critical “GHOST” Vulnerability Released

Sucuri - GetHostbyName

A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discovered by Qualys security researchers and will probably cause a lot of headaches to those who won
Read More

DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages

Over the past few weeks, our Security Operation Center (SOC) has been seeing some different, and very suspicious requests to some of our servers. At first we thought it was a Distributed Denial of Service (DDoS) attack, mainly due to the high
Read More

Security Advisory – Vulnerabilities in Pagelines/Platform theme for WordPress


Advisory for: Pagelines and Platform Themes Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Privilege Escalation / Remote Code Execution Patched Version: Pagelines: WP Repo 1.4.6, Pagelines Server 2.4.6
Read More

AdSense Abused with Malvertising Campaign

Blocked adwynne banners

Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them mentioned the lemode-mgz .com site. In all cases, the symptoms were the same. Some users ran
Read More

vBSEO’s Vulnerability Leads to Remote Code Execution


We were notified last week that the vBulletin team sent an email to all their clients about a potential security vulnerability in vBSEO. After further investigation, we confirm that this is a very critical issue as it could allow an attacker to
Read More

Serious Vulnerability in VBSEO

The vBulletin team sent an email yesterday to all their clients about a potential security vulnerability on VBSEO. VBSEO is widely used SEO module for vBulletin that was discontinued last year. This makes the problem worse, no patches will be
Read More

Websites Compromised with CloudFrond Injection

Sucuri - CloudFrond Jumpled Payload

If you haven't already noticed, we spent a good deal of time scraping the bottom of the interweb barrel. It's dirty work, but someone has to do it. I'm not going to lie though, to us it's fascinating digging up little nuggets daily, understanding how
Read More

Website Backdoors Leverage the Pastebin Service

Decoded backdoor that uses pastebin

We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll show you a different backdoor variant that abuses the legitimate service for hosting m
Read More