Website Security News
Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our research team likes to dig deeper and conduct a complete investigation. A license key is a place where a webmaster…
Read More about Spam Injector Disguised as License Key in WordPress Website
Most websites today use cookies. Since May 25th, 2018, all websites that do business in the European Union (EU) had to make some changes to be compliant with the EU…
Read More about Cookie Consent Script Used to Distribute Malware
We handle an enormous number of SEO spam infections here at Sucuri. In Q3 of 2016, approximately 37% of all website infection cases were related to SEO spam campaigns through…
Read More about Malware Serving SEO Spam from External Sites
We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the Apple ID…
Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including a malicious file in each…
Read More about Evolution of Conditional Spam Targeting Drupal Sites
Unwanted ads are one of the most common problems that site owners ask us to solve. Recently, we’ve noticed quite a few requests to remove intrusive “shorte st” ads that…
Read More about Unwanted “Shorte St” Ads in Unpatched Newspaper Theme
After carefully designing a theme and images that represent your brand, nothing is worse than seeing a malicious image suddenly associated with your business or website. In a recent blog…
Read More about Malicious Image Defacement Hidden from Search Engines
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into…
During a recent malware investigation, we found some interesting obfuscated Javascript code. This code pretends to appear as part of the popular AddThis social sharing plugin, using it in URL…
Read More about JavaScript Injections Leads to Tech Support Scam
When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access if the original vulnerability is…
Read More about Fake bb_press Plugin Redirects to Mobile Pornography
Navigating the web on a mobile device can be tricky even when you’re browsing clean sites. If hackers are involved, the frustration of a pop-up can turn into the dangerous…
