Critical Microsoft IIS vulnerability Leads to RCE (MS15-034)

Microsoft just disclosed a serious vulnerability (MS15-034) on their Web Server IIS that allows for remote and unauthenticated Denial of Service (DoS) and/or Remote Code Execution (RCE) on unpatched Windows servers. An attacker only needs to send a

Impacts of a Hack on a Magento Ecommerce Website

Recently we wrote about the impacts of a hacked website and how it is important to give website visitors a safe online experience. In this post, I’ll show you how a hacked website results in almost immediate loss of money. We are not talking about d

How To Create a Website Backup Strategy

We've all heard it a million times before: backups are important. Still, the reality is that even today, backups remain one of the most overlooked and under-utilized precautions we can take to protect our vital data. Why are backups so

FBI Public Service Announcement: Defacements Exploiting WordPress Vulnerabilities

The US Federal Bureau of Investigation (FBI) just released a public service announcement (PSA) to the public about a large number of websites being exploited and compromised through WordPress plugin vulnerabilities: Continuous Web site defacements

Security Advisory: Persistent XSS in WP-Super-Cache

Security Risk: Dangerous
Exploitation Level: Very Easy/Remote
DREAD Score: 8/10
Vulnerability: Persistent XSS
Patched Version: 1.4.4

During a routine audit for our Website Firewall (WAF), we discovered a dangerous persistent XSS vulnerability

Website Malware – The SWF iFrame Injector Evolves

Last year, we released a post about a malware injector found in an Adobe Flash (.swf) file. In that post, we showed how a SWF file is used to inject an invisible, malicious iFrame. It appears that the author of that Flash malware continued with

Intro to E-Commerce and PCI Compliance – Part I

Have you ever heard of the term PCI? Specifically, PCI compliance? If you have an ecommerce website you probably have already heard about it, but do you really understand what it means for you and your online business? In this series we will try to

WordPress Malware Causes Pseudo-Darkleech Infection

Darkleech is a nasty malware infection that infects web servers at the root level. It uses malicious Apache modules to insert hidden iframes with certain responses. It's difficult to detect because the malware is only active when both the server and

Why Website Reinfections Happen

I joined Sucuri a little over a month ago. My job is actually the Social Media Specialist, but we have this process where regardless of your job you have to learn what website infections look like and more importantly, how to clean them. It's this

The Impacts of a Hacked Website

Today, with the proliferation of open-source technologies like WordPress, Joomla and other Content Management Systems (CMS) people around the world are able to quickly establish a virtual presence with little to no cost. In the process however, a