Website Security News
Ecommerce refers to websites that involve online purchases. This functionality sparks new challenges, concerns, and requirements for website security. Online shopping, to many people, is almost synonymous with a certain kind of risk – and not without good reason. Over the holidays, we wrote a…
Read More about New Guide on How to Fix Hacked Magento Sites
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Teams (IRT). The Sucuri Labs website provides technical analysis and…
We are starting to see remote command execution (RCE) attempts trying to exploit the latest WordPress REST API Vulnerability. These RCE attempts started today after a few days of attackers…
Read More about RCE Attempts Against the Latest WordPress REST API Vulnerability
During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular AddThis social sharing plugin, using it in URL…
Read More about JavaScript Injections Leads to Tech Support Scam
WordPress 4.7.2 was released two weeks ago, including a fix for a severe vulnerability in the WordPress REST API. We have been monitoring our WAF network and honeypots closely to…
Read More about WordPress REST API Vulnerability Abused in Defacement Campaigns
In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article was to help website owners differentiate…
Read More about Website Application Firewalls (WAF) – Practical Approach to Website Security
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered…
Read More about Content Injection Vulnerability in WordPress
It takes a lot of bravery to create a small business. Putting yourself out there and taking risks is not for the faint of heart. Having a website is just…
Read More about Spotlight: Website Security Response for Photographers
When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access if the original vulnerability is…
Read More about Fake bb_press Plugin Redirects to Mobile Pornography
Since launching our website performance testing tool we have been getting a lot of questions about how to improve the speed and performance of WordPress websites. Many website owners are…
A common pattern we see in compromised websites is the presence of backdoors and other malicious code. During Q3 of 2016, we found that 72% of all compromises that we…
Read More about vBulletin Malware – When Hackers Compete for Backdoor Control
