Website Malware: Mobile Redirect to BaDoink Porn App Evolving
Peter Gramantik Recently, we wrote about a malware redirect causing compromised sites to redirect their visitors to pornographic content (specifically, the BaDoink app). You can read more…
Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin
Marc-Alexandre Montpas If you’re a using the Custom Contact Forms WordPress plugin, you need to update it right away. During a routine audit for our WAF, we…
WordPress and Drupal Core Denial Of Service Vulnerability – Moderately Critical
David Dede Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue…
Website Security Analysis: A “Simple” Piece of Malware
For regular readers of this blog, there is one constant that pops up over and over: Malware gets more complex. When malware researchers, like myself,…
Yoast and Sucuri Partner to Create a Safer Web
We’re very excited to finally talk about a partnership that’s been in the works for a few months and in light of the serious nature…
Backups – The Forgotten Website Security Pillar
Tony Perez I travel a lot (might actually be an understatement these days), but the travel always revolves around a couple of common threads – website security…
Responsible Disclosure – Sucuri Open Letter to MailPoet and Future Disclosures
Many don’t know who I am. My name is Tony Perez, I’m the CEO of Sucuri. I have the pleasure of calling this company my…
New Brute Force Attacks Exploiting XMLRPC in WordPress
Daniel Cid Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what…
MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due…
Massive Malware Infection Breaking WordPress Sites
Update: We identified the root cause: MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites. The last few days has brought about…
SQL Injection Vulnerability – vBulletin 5.x
The vBulletin team just released a security patch for vBulletin 5.0.4, 5.0.5, 5.1.0, 5.1.1, and 5.1.2 to address a SQL injection vulnerability on the member…