Plesk Vulnerability – In the Wild for Months Before Disclosure
Daniel Cid A few days ago we published a post about the Plesk 0-day vulnerability that we started to see being probed in the wild. It uses…
Browsing Category
Vulnerability Disclosure
254 posts
Plesk 0-day Remote Vulnerability in the Wild
Just last week another 0-day vulnerability on Plesk was released. It affects Plesk 9.2, 9.3 and 9.5.4 versions. If you have not yet, we recommend…
From a Site Compromise to Full Root Access – Local Root Exploits – Part II
When an attacker manages to compromise and get access to a website, they won’t likely stop there, they will aim to gain full root (admin)…
W3 Total Cache and WP Super Cache Vulnerability Being Targeted in the Wild
Tony Perez As if on queue, almost 7 days since we released the post about the latest W3TC and WP Super Cache remote command execution vulnerability, we…
Game of Coins: The Uprise of Bitcoin Mining
Dre Armeda Research by Daniel Cid. Authored by Dre Armeda. One thing you can’t take away from some of the attackers we deal with everyday is their…
Update WP Super Cache and W3TC Immediately – Remote Code Execution Vulnerability Disclosed
Shame on us for not catching this a month ago when it was first reported, but it seems that two of the biggest caching plugins…
Mass WordPress Brute Force Attacks? – Myth or Reality
We are seeing in the media some noise about a large distributed brute force attacks against all hosts targeting WordPress sites. According to reports, they…
2012 Web Malware Trends Report Summary
Sucuri is a website security company focused on the detection and remediation of web malware. In 2012, via our SiteCheck scanner, we scanned 9,953,729 unique…
Drupal Core Vulnerability Released – Denial of Service – Advisory SA-CORE-2013-002
As if the week wasn’t exciting enough, Drupal has released a core vulnerability that leaves it susceptible to Denial of Service attacks. Metadata for this…
WordPress Plugin: Easy Digital Downloads – Security Flaw Discovered and Patchedd
Last night we were contacted by Adam Pickering about a security flaw discovered in Easy Digital Downloads (EDD), a free WordPress eCommerce plugin that allows…
Web Server Attacks – Apache Modules, Log Management and RELM
New year, same tricks, mostly because they work. That’s how we’re kicking off the new year folks. In September of 2012, Dennis, of Unmask Parasites,…