WHMCS SQL Injection Vulnerability in the Wild
Daniel Cid A few days ago, a zero-day SQL injection vulnerability in WHMCS was disclosed by localhost.re, along with the exploit code. It was quickly patched by…
Malware iFrame Campaign from Sytes(.)net
For the last few weeks we have been tracking a large malframe (malicious iframe) campaign that has been injecting iframes from random domains from sytes(.)net…
WordPress Database Table and wp_head Injections
There are multiple places where a malware injection can be hidden on a web site. On WordPress, for example, it can be hidden inside the…
CloudProxy WAF – September Report
*By Tony Perez and Daniel Cid As many of you are aware we released a website protection tool, CloudProxy WAF/IDS, at the beginning of the…
Sucuri Expands Research Efforts with Acquisition of Unmask Parasites
Dre Armeda Our goal at Sucuri is to be the best website security company of today and in the future. To help build on our existing research…
Ask Sucuri: Non-Alphanumeric Backdoors
If you have any questions about malware, blacklisting, or security in general, send them to contact@sucuri.net and we will write a post about it and…
WordPress 3.6.1 Released – Includes Security Fixes
The WordPress team just pushed out a new version of WordPress. WordPress 3.6.1 is a maintenance release that includes some security bug fixes. Straight from…
Security Archive – Case Study: phpbb.com Compromised
Security Archive: It is important to remember past security incidents to make sure we don’t commit the same mistakes over and over again. The idea…
Over 10% of Alexa TOP Million Websites Found Not Safe – Infographic Report
We scan a lot of websites per day. Through our daily work we see all sizes and types of websites compromised, blacklisted, and filled with…
Big Increase in Distributed Brute Force Attacks Against Joomla Websites
Update: Brute force protection now available: http://cloudproxy.sucuri.net/brute-force-protection A few months ago, we discussed and published details about a very large brute force attack targeting WordPress…
Potential vBulletin Exploit (4.1+ and 5+)
The vBulletin team just posted a pre-disclosure warning on their announcements forum about a possible exploit in versions 4.1+ and 5+ of vBulletin. They don’t…