Zero-Day RCE in vBulletin v5.0.0-v5.5.4
Marc-Alexandre Montpas A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This…
Browsing Category
Security Advisory
235 posts
Fake Human Verification Spam
Luke Leal We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these…
Misuse of WordPress update_option() function Leads to Website Infections
John Castro In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function…
Spam That Fits Your Website
Gabriel Barbosa Most of the time when we talk about spam, we think about mindless machines that create posts or comments to advertise a business related to…
Lightbox Adware – From Innocent Scripts to Malicious Redirects
Cesar Anjos It’s no news that webmasters commonly make use of external scripts to add more features to their site, but things can turn out for the…
FTP Logs Used to Determine Attack Vector
Krasimir Konov Logs can be very useful because they are a record of what was done by whom. They are especially useful when you need to find…
New Guide on the Sucuri Referral Program
Chase Watts Referral programs and affiliate marketing opportunities can be found on many web-based company sites, however, often they’re overlooked. Commonly people consider these programs as something that…
Reset Email Account Passwords After a Website Malware Infection
It’s not uncommon for bad actors to use compromised websites to send large amounts of email spam. This can cause major headaches for website owners…
PCI for SMB: Requirement 12 – Maintain an Information Security Policy
Victor Santoyo Update: Read our new PCI Compliance guide. Welcome to the final post to conclude our series on understanding the Payment Card Industry Data Security Standard–PCI…
From .tk Redirects to PushKa Browser Notification Scam
Denis Sinegubko In the past couple of years, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts into WordPress sites. This campaign leverages old vulnerabilities…
Attacks on Closed WordPress Plugins
The WordPress plugin repository team may “close” plugins and restrict downloads when they become aware of a security issue that the developer cannot fix quickly.…