Website Security News
A zero-day vulnerability has just appeared in the WordPress plugin world, affecting over 70,000 sites using the Social Warfare plugin. The plugin is vulnerable to a Stored XSS (Cross-Site Scripting) vulnerability and has been removed from the plugin repository. Attacks can be conducted by any…
The Easy WP SMTP plugin authors have released a new update, fixing a very critical 0day vulnerability. When leveraged, this vulnerability gives unauthenticated attackers the power to modify any options…
Read More about 0day Vulnerability in Easy WP SMTP Affects Thousands of Sites
After recent publication of the Uncommon Radixes Used in Malware Obfuscation article, we found an interesting Twitter thread involving @EKFiddle and @Ledtech3 #EKFiddle [Regex update]: Added Radix Web Skimmer identified…
Read More about More on Dnsden[.]biz Swipers and Radix Obfuscation
The WP-Fastest-Cache plugin authors released a new update, version 0.8.9.1, fixing a vulnerability (CVE-2019-6726) present during its install alongside the WP-PostRatings plugin. According to seclists.org: “A successful attack allows an…
Read More about Arbitrary Directory Deletion in WP-Fastest-Cache
Some JavaScript features allow for pretty interesting obfuscation techniques. For example, did you know that virtually any English word can be used as a valid number? I recently decoded a…
Read More about Uncommon Radixes Used in Malware Obfuscation
While investigating the SiteGround Optimizer and Caldera Forms Pro plugins we have discovered a critical privilege escalation vulnerability. It was not being abused externally and impacts over 500,000 sites. It’s…
Read More about Insufficient Privilege Validation in SiteGround Optimizer & Caldera Forms Pro
We are proud to be releasing our latest Hacked Website Trend Report for 2018. This report is based on data collected and analyzed by the GoDaddy Security / Sucuri team,…
Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request looks like: Users see a…
Read More about Fake Browser Updates Push Ransomware and Bank Malware
Over the last few months, we’ve noticed several credit card-stealing scripts that use variations of the Google Analytics name to make them look less suspicious and evade detection by website…
Read More about Google Analytics and Angular in Magento Credit Card Stealing Scripts
The most effective phishing and malware campaigns usually employ one of the following two age-old social engineering techniques: Impersonation These online phishing campaigns impersonate a popular brand or product through…
Read More about Hackers Use Fake Google reCAPTCHA to Cloak Banking Malware
As a website industry professional, you are aware of the importance of website security. This is especially true when managing 10 or more sites. How can you convey this message…
Read More about Add Security to Your Website Agency Portfolio
![More on Dnsden[.]biz Swipers and Radix Obfuscation](https://blog.sucuri.net/wp-content/uploads/2019/03/03192019-uncommon-radixes-uses-in-malware-obfuscation-update_blog-585x275.png)
