Phishing with help from Compromised WordPress Sites

Gmail Phishing on wp-includes

We get thousands of spam and phishing emails daily. We use good spam filters (along with Gmail) and that greatly reduces the noise in our inbox. Today though, one slipped through the crack and showed up in my personal inbox:
Read More

Website Security: A Case of SEO Poisoning

Sucuri - SEO Poisoining Dirty Home Page

There are so many ways your website can be co-opted by hackers for many different reasons, targeting the value created via your SEO is highly attractive. It provides an attacker the opportunity to cheat the system by quickly benefiting from your raw
Read More

Joomla! 3.3.5 Released – Fixing High Priority Security Issues

Screen Shot 2014-09-30 at 4.04.31 PM

Update: It seems like there is a glitch in the new version and the Joomla team is urging its users not to upgrade yet. From their twitter: Original post: The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching high
Read More

Bash – ShellShocker – Attacks Increase in the Wild – Day 1

The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a few scans looking for vulnerable servers. Our Website Firewall (CloudProxy) had already
Read More

Bash Vulnerability – Shell Shock – Thousands of cPanel Sites are High Risk

The team behind the Bash project (the most common shell used on Linux) recently issued a patch for a serious vulnerability that could allow for remote command execution on servers running the vulnerable bash versions. Wait, remote command
Read More

Security Advisory – Hikashop Extension for Joomla!

Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In a routine audit of our Website Firewall we discovered a serious vulnerability within
Read More

Website Malware – Curious .htaccess Conditional Redirect Case

I really enjoy when I see different types of conditional redirects on compromised sites. They are really hard to detect and always lead to interesting investigations. Take a look at this last one we identified: The curious aspect about it is
Read More

Conditional Malicious iFrame Targeting WordPress Web Sites

Sucurii  - GetCookie iFrame Injection

We have an email, labs@sucuri.net where we receive multiple questions a day about various forms of malware. One of the most common questions happen when our Free Security Scanner, SiteCheck, detects a spam injection or a hidden iframe and the user is
Read More

WordFence WordPress Security Plugin Pushes a Security Update

Sucuri - WordFence Whitelist IP Option

If you are one of the many users of the WordPress Security Plugin, WordFence, we highly encourage you to update. They recently pushed out a security update that could be affecting your install. It is important to note however that what is interesting
Read More

Understanding the WordPress Security Plugin Ecosystem

Sucuri - Website Security Wheel

This post is available in Spanish (Este post está disponible en español). As a child, did you ever play that game where you sit in a circle and one person is responsible for whispering something into one persons ear, and that message gets relayed a
Read More