Sucuri Blog

Website Security News

Labs Notes Monthly Recap – May/2020

June 3, 2020 by Juliana Lewis

In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture.

Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs Notes are usually shorter than blog posts and they focus on a highly technical audience.

This month, our Malware Research and Incident Response teams disclosed a WordPress plugin vulnerability and wrote about a web shell packer.

B374k Web Shell Packer

by Luke Leal

B374k is one of the most common PHP web shells. Hackers have been loading it onto compromised websites.

Our malware researcher explains how bad actors can use a PHP packer script to add or remove different features like a file manager, database connect, and email before generating the b374k shell file.

Unauthenticated Stored Cross Site Scripting in WP Product Review

by John Castro

The Vulnerability Research Team discovered an unauthenticated persistent cross-site scripting (XSS) vulnerability that has been affecting 40,000+ users of the WP Product Review plugin.

Our researcher explains how a defect in the WordPress plugin WP Product Review versions older than 3.7.6 can lead to persistent cross-site scripting. A successful attack results in malicious scripts being injected into all of the site’s products.

Vulnerabilities Digest: May 2020

by John Castro

In May’s vulnerability digest you will find a list of vulnerable WordPress plugins, the vulnerabilities that are currently affecting them, and their patched version if available.

We also write about the main attack highlights:

  • Cross-site scripting remains the number-one vulnerability.
  • The number of unprotected AJAX action bugs is still ramping up.
  • Plugins and new malicious IPs were added to a massive WordPress malware campaign.

Categories: Sucuri Labs, Website Malware Infections, Website Security

Tags: Hacked Websites, Malware Updates

About Juliana Lewis

Juliana Laraburu is Sucuri’s Marketing Content Manager who joined the company in 2015. Juliana’s main responsibilities include managing projects, keyword research, and drafting blog posts and landing pages. Her professional experience covers over five years of creating website security content. When Juliana isn’t working on Sucuri’s blog, you might find her traveling around the world or hanging out with her family. Connect with Juliana on Twitter.
