Zero-Day RCE in vBulletin v5.0.0-v5.5.4
Marc-Alexandre Montpas A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the full disclosure mailing list this past Monday. This…
Browsing Category
Website Security
1031 posts
Joomla! Security Best Practices: 12 Ways to Keep Joomla! Secure
Victor Santoyo At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, most advice can often be too broad; different content management…
The Hacker Returns: A Backdoor Edition
Moe O Once an attacker manages to hack and gain access to a target site or system, they typically work hard to maintain their access—as long as…
Fake SSO Used In Multi-Email Provider Phishing
Luke Leal Single sign-on (SSO) allows users to sign into a single account (e.g Google) and access other services like YouTube or Gmail without authenticating with a…
Fake Human Verification Spam
We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these…
Unauthenticated settings update in woocommerce-ajax-filters
John Castro woocommerce-ajax-filters, which currently has over 10,000 installations (versions <=1.3.6) allows unauthenticated attackers to arbitrarily update all the plugin options and redirect any user to an…
Misuse of WordPress update_option() function Leads to Website Infections
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function…
Dissecting the WordPress 5.2.3 Update
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to…
How to Audit & Cleanup WordPress Plugins & Themes
Pilar Garcia In an interview with Smashing Magazine our CoFounder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question. What Makes WordPress…
Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection
Fioravante Souza Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these…
What is Cryptocurrency Mining Malware?
Brian Bautista Before we get into the details of “Cryptocurrency Mining Malware”, we need to understand first what cryptocurrency is and what miners are. What is Cryptocurrency?…