Website Security News
Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A backdoor is a piece of malware that attackers leave behind to allow them access back into a…
It’s always nice to meet an old friend or someone you used to know well. You have news to share and talk about, stories to tell, etc. But what if…
Backdoors are found in 72% of infected websites, according to our latest reports. Backdoors are files left on the server by attackers in order to retain access to your site and…
Read More about Register My Backdoor – Unorthodox Invocation Mechanisms
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012 with this malware, and more…
Read More about vBulletin Used to Show Malicious Advertisements
We have been monitoring a new campaign specifically targeting WordPress sites, using hundreds of them for SEO spam distribution. We call it the XM1RPC campaign due to the common backdoor…
We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog. Sometimes we write about free tools to obfuscate your code that aren’t that free and…
On average, a website leverages around 18-20 different plugins in its structure. These plugins enhance the website’s functionality and in some instances extend the applications core capabilities. It’s great for…
Read More about Secure Coding: How to Account for Input Sanitization
Our Remediation and Research teams are in constant communication and collaboration. It’s how we stay ahead of the latest threats, but it also presents an opportunity to identify interesting threats…
During a routine audit for our WAF, we discovered a critical stored XSS vulnerability affecting Akismet, a popular WordPress plugin deployed by millions of installs.
Read More about Security Advisory: Stored XSS in Akismet WordPress Plugin
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted to win…
Read More about Creative Evasion Technique Against Website Firewalls
We were notified last week that the vBulletin team sent an email to all their clients about a potential security vulnerability in vBSEO. After further investigation, we confirm that this…
Read More about vBSEO’s Vulnerability Leads to Remote Code Execution
