Website Security News
We continue to see an increase in the number of plugins attacked as part of a campaign that’s been active for quite a long time. Bad actors have added more vulnerable plugins to inject similar malicious scripts. Plugins Added to the Attack Download WP Inventory…
It feels like yesterday, but it has been 10 years since the domain sucuri.net was registered. Happy 10th Birthday, Sucuri! For us, 2009 marks the birth of the brand as…
It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners — spam can lead to…
Read More about Reset Email Account Passwords After a Website Malware Infection
Update: Read our new PCI Compliance guide. Welcome to the final post to conclude our series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show…
Read More about PCI for SMB: Requirement 12 – Maintain an Information Security Policy
Earlier this year, we noticed an increase in attacks aiming at ThinkPHP, which is a PHP framework that is very popular in Asia. If you keep track of your site’s…
In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities (patched a long time ago)…
Read More about From .tk Redirects to PushKa Browser Notification Scam
As part of our regular research audits for our Sucuri Firewall, we discovered an SQL injection vulnerability affecting 40,000+ users of the Advanced Contact Form 7 DB WordPress plugin. Current…
The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly. However, bad actors are actively…
Have you ever stopped to think about how many resources a search engine has or if your website could handle the same amount of search traffic that Google does? Search…
While investigating the Duplicate Page plugin, we have discovered a dangerous SQL Injection vulnerability. Though the plugin wasn’t abused externally, the vulnerability impacted over 800,000 sites. Its urgency is defined…
Read More about SQL Injection in Duplicate-Page WordPress Plugin
We recently noticed an interesting example of network infrastructure resources being used over a period of time by more than one large scale malware campaign (e.g redirected traffic, cryptomining). This…
Read More about Malware Campaigns Sharing Network Resources: r00ts.ninja
