While analyzing our website firewall logs we discovered an old vulnerability being retargeted in RevSlider, a popular WordPress plugin. In 2014 / 2015, this led to massive website compromises.…
We first disclosed that the WordPress pingback method was being misused to perform massive layer 7 Distributed Denial of Service (DDoS) attacks back in March 2014. The…
Update 2/17: This post is not about hackers tricking webmasters into installing fake Magento security patch. It’s about malware that pretends to be an applied…
Here at Sucuri we handle countless cases of SEO spam. This malware involves a website being compromised in order to spread (mostly pharmaceutical) advertisements by…
We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Intrusion Detection System…
This past weekend we registered a spike in WordPress infections where hackers injected encrypted code at the end of all legitimate .js files. The distinguishing…
Today we are not going to explore malware or any other overtly malicious traffic. Instead this post is a warning about dishonest marketing tactics used…
The Magento Shoplift vulnerability had been patched about a year ago. And all this time we have been cleaning various Magento infections that steal customer…
During our regular research audits for our Cloud-based WAF, we discovered a Stored XSS vulnerability affecting the Magento platform that can be easily exploited remotely.…