Daniel Cid

214 posts

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

Drupal Warns – Every Drupal 7 Website Compromised Unless Patched

Daniel Cid
October 29, 2014

The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch…

Read the Post

Google Blacklists Bit.ly

Daniel Cid
October 25, 2014

If you ever shortened a URL using bit.ly or if you use it anywhere, be aware that Google recently blacklisted all bit.ly pages through its…

Read the Post

Drupal SQL Injection Attempts in the Wild

Daniel Cid
October 17, 2014

Update (2014/10/29): The Drupal team just released a Public Service Announcement, confirming what we are seeing (mass compromise of Drupal sites). We’ve released a new…

Read the Post

Highly Critical SQL Injection Vulnerability Patched in Drupal Core

Daniel Cid
October 15, 2014

The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely…

Read the Post

WordPress Websites Continue to Get Hacked via MailPoet Plugin Vulnerability

Daniel Cid
October 9, 2014

The popular Mailpoet(wysija-newsletters) WordPress plugin had a serious file upload vulnerability a few months back, allowing an attacker to upload files to vulnerable sites. This…

Read the Post

Website Attacks – SQL Injection And The Threat They Present

Daniel Cid
October 8, 2014

We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will…

Read the Post

Phishing with Help from Compromised WordPress Sites

Daniel Cid
October 6, 2014

We get thousands of spam and phishing emails daily. We use good spam filters (along with Gmail) and that greatly reduces the noise in our…

Read the Post

Joomla! 3.3.5 Released – Fixing High Priority Security Issues

Daniel Cid
September 30, 2014

Update: It seems like there is a glitch in the new version and the Joomla team is urging its users not to upgrade yet. From…

Read the Post

Bash – ShellShocker – Attacks Increase in the Wild – Day 1

Daniel Cid
September 25, 2014

The Bash ShellShocker vulnerability was first disclosed to the public yesterday. Just a few hours after the initial release, we started to see a few…

Read the Post

Bash Vulnerability – Shell Shock – Thousands of cPanel Sites are High Risk

Daniel Cid
September 25, 2014

The team behind the Bash project (the most common shell used on Linux) recently issued a patch for a serious vulnerability that could allow for…

Read the Post

Anatomy of 2,000 Compromised Web Servers used in DDoS Attack

Daniel Cid
September 5, 2014

One of our clients was being attacked by a layer-7 DDoS attack for more than a week. The attack was generating around 5,000 HTTP requests…

Read the Post