Disclosure: Insecure Nonce Generation in WPtouch
Marc-Alexandre Montpas If you use the popular WPtouch plugin (5M+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF,…
Website Malware – Mobile Redirect to BaDoink Porn App
Daniel Cid A few weeks ago we reported that we were seeing a huge increase in the number of websites compromised with a hidden redirection to pornographic…
Simplifying the Language of Website Security
David Dede A couple of weeks ago, the Sucuri team was at HostingCon. We rubbed elbows with the people who bring your websites to the world and…
Ask Sucuri: Who is Logging into My WordPress Site?
Today, we’re going to revisit our Q&A series. If you have any questions about malware, blacklisting, or security in general, send them to us at:…
Remote File Upload Vulnerability in WordPress MailPoet Plugin (wysija-newsletters)
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file…
TimThumb WebShot Code Execution Exploit (Zeroday)
If you are still using Timthumb after the serious vulnerability that was found on it last year, you have one more reason to be concerned.…
Spam Hack Targets WordPress Core Install Directories
Do you run your website on WordPress? Have you checked the integrity of your core install lately for SPAM like “Google Pharmacy” stores or other…
Disclosure: Remote Code Execution Vuln in Disqus
We recently found a security vulnerability in the Disqus Comment System plugin for WordPress. It could, under very specific conditions, allow an attacker to perform…
Case Study: Complexities of “Simple” Malware
Peter Gramantik You know when you pull a string on a sweater and it just keeps going and going? You wonder when or if it will ever…
Is My Website Hacked? If You Have to Ask, Then, “Yes.”
The problem with phishing, and therefore the reason so many people have trouble with it, is that the code is fairly benign and can be…
CloudProxy + SPDY = A Faster Website
Our Website Firewall already protects and speeds up over 1,000 websites. Now, it’ll be even faster. We’re happy to announce that we just added support…