Disclosure: Insecure Nonce Generation in WPtouch

If you use the popular WPtouch plugin (5m+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a user with no
Read More

Website Malware – Mobile Redirect to BaDoink Porn App

Badoink-338x600

A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It was a very tricky injection, with the redirection happening only once per day per IP address
Read More

Simplifying the language of website security

Translation

A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and spoke at length with them about the importance of website security. However, the most interesting conversation we had
Read More

Ask Sucuri: Who is logging into my WordPress site?

wordpress-lastlogins

Today, we're going to revisit our Q&A series. If you have any questions about malware, blacklisting, or security in general, send them to us at: info@sucuri.net. For all the “Ask Sucuri” answers, go here. Question: How do I know who is logging in
Read More

Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)

Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file remotely to the vulnerable website (i.e., no authentication is required). This
Read More

TimThumb WebShot Code Execution Exploit (0-day)

If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned. A new 0-day was just disclosed on TimThumb's "Webshot" feature that allows for certain commands to be
Read More

SPAM Hack Targets WordPress Core Install Directories

Screen Shot 2014-06-19 at 3.17.17 PM

Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like "Google Pharmacy" stores or other fake stores? We have been tracking and analyzing a growing trend in SEO Spam (a.k.a., Search Engine
Read More

Disclosure: Remote Code Execution Vuln in Disqus

We recently found a security vulnerability in the Disqus Comment System plugin for WordPress. It could, under very specific conditions, allow an attacker to perform arbitrary remote code execution (RCE). In other words, an attacker can do anything he
Read More

Case Study: Complexities of “simple” malware

What you see on these infected websites

You know when you pull a string on a sweater and it just keeps going and going? You wonder when or if it will ever stop? From time to time, that’s how malware can feel. Even if you’re not a website security expert, it’s important to understand just ho
Read More

Is my website hacked? If you have to ask then, “Yes.”

Nordea

The problem with phishing, and therefore the reason so many people have trouble with it, is that the code is fairly benign and can be very difficult to spot because it usually looks almost exactly like legitimate code. Oftentimes, a website owner
Read More