Bogus Mobile-Shortcuts WordPress Plugin Injects SEO Spam
Ben Martin Here at Sucuri we see countless cases of SEO spam where a website is compromised in order to spread pharmaceutical advertisements or backlinks to sites…
Browsing Category
WordPress Security
680 posts
Critical “GHOST” Vulnerability Released
Marc-Alexandre Montpas A very critical vulnerability affecting the GNU C Library (glibc) is threatening Linux servers for a remote command execution. This security bug was discovered by Qualys security…
DDoS from China – Facebook, WordPress and Twitter Users Receiving Sucuri Error Pages
Daniel Cid Over the past few weeks our Security Operation Center (SOC) has been seeing some unique and very suspicious requests to some of our servers. At…
Security Advisory – Vulnerabilities in Pagelines for WordPress
Users of both the Pagelines and Platform themes should update as soon as possible. During a routine audit for our WAF, we found two dangerous issues: A…
WP Symposium – Zero Day Vulnerability Dangers
David Dede Our friends at SpiderLabs released a blog post today talking about the latest WP Symposium file upload vulnerability, and the attacks they have been seeing…
Analyzing The WordPress SoakSoak Favicon Backdoor
Denis Sinegubko This post is a dissection of one of a few backdoor variations hackers are uploading via the RevSlider security hole. We also provide webmasters a…
New Malware Campaign – WPcache-Blogger – Affects Thousands more WordPress Websites via RevSlider
If SoakSoak wasn’t enough, we are starting to see a new malware campaign leveraging the RevSlider vulnerability and compromising thousands of WordPress sites in the…
SoakSoak Campaign Evolves – New Wave of Attacks
Since Sunday, we have seen a new wave of SoakSoak reinfections. The Javascript continues to evolve and load other scripts in order to infect additional…
SoakSoak: Payload Analysis – Evolution of Compromised Sites – IE 11
Thousands of WordPress sites have been hit by the SoakSoak attack lately. At this moment we know quite a lot about it; it uses the…
RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise
Yesterday we disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to…
SoakSoak Malware Compromises 100,000+ WordPress Websites
Tony Perez This Sunday has started with a bang. Google has blacklisted over 11,000 domains with this latest malware campaign from SoakSoak.ru: Our analysis is showing impacts…