Website Security News
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function is used to update a named option/value in the options database table. If developers do not implement the permission flow…
Read More about Misuse of WordPress update_option() function Leads to Website Infections
Before we get into the details of “Cryptocurrency Mining Malware”, we need to understand first what cryptocurrency is and what miners are. What is Cryptocurrency? Cryptocurrency is best thought of…
These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its operations, the scale of infections…
Read More about TimThumb Attacks: The Scale of Legacy Malware Infections
A hack or cyber attack is the act of maliciously entering, taking control over, or manipulating by force a web application, server, or file that belongs to someone else. Cyber…
Read More about What Hackers Do after Gaining Access to a Website
Over the past few weeks, we’ve seen an increase in Troldesh ransomware using compromised websites as intermediary malware distributors. The malware often uses a PHP file that acts as a…
Last year we saw a fairly massive Magento malware campaign that injected credit card stealing code similar to this: It uses the JavaScript atob function to decode base64-encoded domain names…
Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily detected by simply scanning the…
During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed…
Read More about Malicious Plugin Used to Encrypt WordPress Posts
Most of us are familiar with Neapolitan ice cream: a flavour whose distinguishing characteristic is not one single flavour but several. Many also know it as the ice cream which…
Hardening is the process of securing a website or system against known security weaknesses or potential issues to reduce the attack surface. The more functions or features a website has,…
We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that the site had been infected…
Read More about Fake Google Domains Used in Evasive Magento Skimmer
