What is the Cost of Cybercrimes & Attacks
John Booker The word cybercrime is no longer just a word you hear coming from Fortune 500 CEOs anymore. This word has being flashed on every good…
Browsing Category
Website Security
1024 posts
Down the Malware Rabbit Hole – Part 1
Cesar Anjos It’s common for malware to be encoded to hide itself—or its true intentions—but have you ever given thought to what lengths attackers will go to…
A New Wave of Buggy WordPress Infections
Denis Sinegubko We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for…
National Cybersecurity Awareness Month
Juliana Lewis Since 2003, October has been recognized as National Cybersecurity Awareness Month. It is an annual campaign to raise awareness about the importance of cybersecurity and…
Zero-Day RCE in vBulletin v5.0.0-v5.5.4
Marc-Alexandre Montpas A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This…
Joomla! Security Best Practices: 12 Ways to Keep Joomla! Secure
Victor Santoyo At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, most advice can often be too broad; different content management…
The Hacker Returns: A Backdoor Edition
Moe O Once an attacker manages to hack and gain access to a target site or system, they typically work hard to maintain their access—as long as…
Fake SSO Used In Multi-Email Provider Phishing
Luke Leal Single sign-on (SSO) allows users to sign into a single account (e.g Google) and access other services like YouTube or Gmail without authenticating with a…
Fake Human Verification Spam
We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these…
Unauthenticated settings update in woocommerce-ajax-filters
John Castro woocommerce-ajax-filters, which currently has over 10,000 installations (versions <=1.3.6) allows unauthenticated attackers to arbitrarily update all the plugin options and redirect any user to an…
Misuse of WordPress update_option() function Leads to Website Infections
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function…