Website Security News
In mass infection scenarios, our Malware Research team often looks for attack vectors to find patterns and other similarities among compromised websites. The identification of these patterns allows us to deploy better and faster solutions to our customers, minimizing impacts from massive attacks. Recently during…
Read More about Critical Vulnerabilities in 123contactform-for-wordpress WordPress Plugin
When cleaning websites, one of the most complicated parts of our job is ensuring we find all backdoors. Most of the time, attackers inject code into different locations to increase…
Several months ago, our research team identified a fake analytics infection, known as RealStatistics. The malicious Javascript injection looks a lot like tracking code for a legitimate analytics service. RealStatistics…
Read More about WordPress Security – Fake TrafficAnalytics Website Infection
In the last few months, our Incident Response Team detected an interesting malicious code that affected a high number of websites. This malware is a variation of the “Realstatistics” campaign…
Update 11/03/2017: If you want to learn how to secure WordPress, you can read all about it in our new guide. As WordPress continues to grow in popularity, so does…
Read More about Exploited Script in WordPress Theme Sends Spam
A few weeks ago, we posted a lab notes describing a good theme file being exploited by attackers to send mass-mailing SPAM (http://labs.sucuri.net/?note=2016/08/15 0:00). Upon further investigation, we identified that…
Read More about WordPress Theme Mailing Script being exploited in the wild
We often find code that is developed with good intent but the security aspects of it are not always taken into consideration. During a routine cleanup investigation we found a…
On average, a website leverages around 18-20 different plugins in its structure. These plugins enhance the website’s functionality and in some instances extend the applications core capabilities. It’s great for…
Read More about Secure Coding: How to Account for Input Sanitization
Early this morning we got complaints from our clients mentioning that Norton was flagging Helpscout, a Help Desk System. Some of the pages were triggering this warning Upon a quick…
During our regular cleanup process we came across a reinfection case that caught our attention. This particular environment didn’t have anything special or fancy, it was an updated WordPress installation…
Read More about Malware Cleanup to Arbitrary File Upload in Gravity Forms
Malware code can be very small, and the impact can be very severe! In our daily tasks we find a lot of web-based malware that varies in size and impact….
Read More about Open Source Backdoor – Copyrighted Under GNU GPL
