Sucuri Labs

From the hacker’s perspective, maintaining access to a compromised website for as long as possible, is ideal. One way to achieve this goal, is by…

Recently, during an incident response process, we have found an advertisement floating banner on specific pages of an html-based website. Despite what people think, these…

Hacking into Magento sites and injecting code to steal payment information is very profitable and it’s the biggest trend we are seeing in 2016. It is interesting enough to notice that the same group is being responsible for several attacks.

A few weeks ago, we posted a lab notes describing a good theme file being exploited by attackers to send mass-mailing SPAM (http://labs.sucuri.net/?note=2016/08/15 0:00). Upon…

Lately, we’ve noticed an increase of login credentials stealing attempts and techniques targeting e-commerce based websites. These websites usually have sensitive information (credit card &…

While investigating a compromised Magento-based ecommerce website, we found a malicious code that’s being used to steal and maintain unauthorized access to user accounts. This…

During an incident response process, we found a very interesting malicious code abusing some PHP tricks. Attackers placed the malware at the end of a…

Lately we’ve seen more backdoors that have some specific characteristics, like using several spaces between the code and processing information coming from POST requests. Attackers…

With so many open-source ecommerce platforms available in the market, creating an online shop is as easy as ABC. In less than five minutes you…

A few days ago, colleagues from White Fir Design disclosed an arbitrary file upload vulnerability in the WP Marketplace plugin and helped remove it from…