Daniel Cid

214 posts

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

In this post, we cover the Payment Card Industry Data Security Standard (PCI DSS) Requirement 5 & 6: Maintain a Vulnerability Management Program.

Intro to E-Commerce and PCI Compliance – Part I

Daniel Cid
March 31, 2015

Update: Read our new PCI Compliance guide. Have you ever heard of the term PCI? Specifically, PCI compliance? If you have an ecommerce website you…

Read the Post

Understanding WordPress Plugin Vulnerabilities

Daniel Cid
March 17, 2015

When WordPress vulnerabilities are disclosed in plugins, there are often many questions. Some are minor issues, some are more relevant, while others are what we’d…

Read the Post

Vulnerability Disclosures – A Note To Developers

Daniel Cid
February 18, 2015

This post is entirely for developers. Feel free to read, but approach it with that in mind. There is no such thing as bug-free code.…

Read the Post

Zero-day in the Fancybox-for-WordPress Plugin

Daniel Cid
February 4, 2015

Update: We posted an analysis of the vulnerability following this post. Our research team was alerted to a possible malware outbreak affecting many WordPress websites.…

Read the Post

DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages

Daniel Cid
January 27, 2015

Over the past few weeks our Security Operation Center (SOC) has been seeing some unique and very suspicious requests to some of our servers. At…

Read the Post

Vulnerability Disclosure

Serious Vulnerability in VBSEO

Daniel Cid
January 8, 2015

The vBulletin team sent an email yesterday to all their clients about a potential security vulnerability in VBSEO. VBSEO is a widely used SEO module…

Read the Post

Sucuri Labs

RevSlider MalFrames – SoakSoak

Daniel Cid
December 28, 2014

The RevSlider SoakSoak malware campaign started with the soaksoak.ru domain (hence the name). However, since thelast 2 weeks, it has mutated and used different domains…

Read the Post

New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider

Daniel Cid
December 24, 2014

If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the…

Read the Post

RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise

Daniel Cid
December 15, 2014

Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to…

Read the Post

JoomDonation Compromised

Daniel Cid
November 26, 2014

We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into…

Read the Post

Protecting Against Unknown Software Vulnerabilities

Daniel Cid
November 24, 2014

Bugs exist in every piece of code. It is suggested that for every 1,000 lines of code, there are on average 1 to 5 bugs…

Read the Post