Fake Human Verification Spam
Luke Leal We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these…
Unauthenticated settings update in woocommerce-ajax-filters
John Castro woocommerce-ajax-filters, which currently has over 10,000 installations (versions <=1.3.6) allows unauthenticated attackers to arbitrarily update all the plugin options and redirect any user to an…
Misuse of WordPress update_option() function Leads to Website Infections
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function…
Dissecting the WordPress 5.2.3 Update
Marc-Alexandre Montpas Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to…
Throwback Threat Thursday: Joomla GoogleMaps Plugin SEO Spam Injection
Fioravante Souza Throwback Threat Thursday is a series of posts where we recall older vulnerabilities that have since been patched by their developers. In the past, these…
What is Cryptocurrency Mining Malware?
Brian Bautista Before we get into the details of “Cryptocurrency Mining Malware”, we need to understand first what cryptocurrency is and what miners are. What is Cryptocurrency?…
TimThumb Attacks: The Scale of Legacy Malware Infections
Denis Sinegubko These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its…
How to Improve Ecommerce Security
Chase Watts If you have an ecommerce website, you are certainly concerned about ecommerce security. Business revenue depends on your online presence and having a website compromise…
Internet Cookies: What Are They and Are They Good or Bad?
Victor Santoyo Cookies! I LOVE Cookies. Oatmeal raisin are one of my particular favorite flavors. However, we’re not here to talk about baked goods as much as…
How Domain Expiration Can Potentially Disrupt Other Websites
A website owner recently reached out to us about a pop-up advertisement problem on their website which occurred any time someone clicked anywhere on the…
The Largest DDoS Attacks & What You Can Learn From Them
Pilar Garcia A DDoS (Distributed Denial of Service) is an attack that focuses on making the website unavailable to its legitimate users. DDoS attacks can produce service interruptions,…