Zero-day in the Fancybox-for-WordPress Plugin
Daniel Cid Update: We posted an analysis of the vulnerability following this post. Our research team was alerted to a possible malware outbreak affecting many WordPress websites.…
Browsing Category
Website Malware Infections
865 posts
Bogus Mobile-Shortcuts WordPress Plugin Injects SEO Spam
Ben Martin Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites…
DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages
Over the past few weeks our Security Operation Center (SOC) has been seeing some unique and very suspicious requests to some of our servers. At…
Websites Compromised with CloudFrond Injection
Fioravante Souza If you haven’t already noticed, we spent a good deal of time scraping the bottom of the interweb barrel. It’s dirty work, but someone has…
Website Backdoors Leverage the Pastebin Service
Denis Sinegubko We continue our series of posts about hacker attacks that exploit a vulnerability in older versions of the popular RevSlider plugin. In this post we’ll…
2014 Website Defacements
When a website has been defaced, it is often the most visual and obvious hack that a website can suffer from. They also come parceled…
WP Symposium – Zero Day Vulnerability Dangers
David Dede Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing…
Analyzing The WordPress SoakSoak Favicon Backdoor
This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a…
New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider
If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the…
SoakSoak Campaign Evolves – New Wave of Attacks
Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional…
SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11
Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it; it uses the…