Ben Martin

About Ben Martin

Ben Martin is Sucuri’s Security Analyst who joined the company in 2013. Ben's main responsibilities include finding new undetected malware, identifying trends in the website security world, and, of course, cleaning websites. His professional experience covers more than eight years of working with infected websites, writing blog posts, and taking escalated tickets. When Ben isn't slaying malware, you might find him editing audio, producing music, playing video games, or cuddling with his cat. Connect with him on Twitter

January 20, 2022Ben Martin

AccessPress Themes Hit With Targeted Supply Chain Attack

Security researchers at Automattic recently reported that the popular WordPress plugin and theme authors AccessPress were compromised and their software replaced with backdoored versions. The compromise appears to have taken place in September of last year and was only recently made public. Users who used…

January 7, 2022Ben Martin

WordPress 5.8.3 Security Release

On January 6th, an important security update was released for the WordPress core addresses four separate vulnerabilities. WordPress website administrators are advised to update their websites immediately. All WordPress versions…

December 29, 2021Ben Martin

How do I Know if a Website is Safe to Use my Credit Card?

With regular news stories about companies being hacked, database breaches, internet-breaking vulnerabilities and online credit card theft, web users are justifiably anxious about making online purchases for fear that their…

December 21, 2021Ben Martin

Critical Vulnerabilities in All in One SEO Plugin Affects Millions of WordPress Websites

Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 / 7.7 Vulnerability: Privilege Escalation, SQL Injection Patched Version: 4.1.5.3 Last week, security researcher at Automattic Marc Montpas recently discovered two…

December 14, 2021Ben Martin

Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants

A critical server security vulnerability in the Java logging library Log4j is taking the internet by storm because code to actively exploit this vulnerability is already widely distributed across the…

December 6, 2021Ben Martin

WooCommerce Credit Card Swiper Injected Into Random Plugin Files

It’s that time of year again! While website owners always need to be on guard, the holidays season is when online scams and credit card theft are most rampant. Administrators…

November 19, 2021Ben Martin

An Overview of Website Reinfection Vectors

The website security landscape is as complicated as it is treacherous. We often deal with clients who become reinfected over and over again. Once the attackers establish a foothold in…

November 15, 2021Ben Martin

Fake Ransomware Infection Spooks Website Owners

Starting this past Friday we have seen a number of websites showing a fake ransomware infection. Google search results for “FOR RESTORE SEND 0.1 BITCOIN” were sitting at 6 last…

November 8, 2021Ben Martin

WooCommerce Skimmer Spoofs Checkout Page

Recently a client of ours was reporting a bogus checkout page appearing on their website. When trying to access their “my-account” page an unfamiliar prompt appeared in their browser soliciting…

September 8, 2021Ben Martin

Multistage WordPress Redirect Kit

Recently, one of our analysts @kpetku came across a series of semi-randomised malware injections in multiple WordPress environments. Typical of spam redirect infections, the malware redirects visitors by calling malicious…

September 1, 2021Ben Martin

Analysis of a Phishing Kit (that targets Chase Bank)

Most of us are already familiar with phishing: A common type of internet scam where unsuspecting victims are conned into entering their real login credentials on fake pages controlled by…