Website Security News
This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and database tables. This is still the same ongoing campaign that we’ve been following…
Read More about Vulnerable Versions of Adminer as a Universal Infection Vector
Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types. Scripts as Data URLs The first type looks pretty similar to…
Read More about Data URLs and HTML Entities in New WordPress Malware
We often find various fake WordPress plugins installed by hackers during website cleanups. Recently, we’ve noticed a new wave of infections that install fake plugins with backdoor functionality. Malicious Plugins…
When cleaning websites, we regularly find phishing pages, malicious code injected into files, and SEO spam. However, over the past couple of months we’ve also noticed a considerable increase in…
Read More about Cryptominers & Backdoors Found in Fake Plugins
We’ve been following an ongoing malware campaign for the past couple of years now. This campaign is renowned for its prompt addition of exploits for newly discovered WordPress theme and…
We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these newly targeted plugins was Advanced…
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function is used to update a…
Read More about Misuse of WordPress update_option() function Leads to Website Infections
In an interview with Smashing Magazine our CoFounder (now Head of Security Products at GoDaddy) Tony Perez was asked the following question. What Makes WordPress Vulnerable? “Here’s the simple answer….
Read More about How to Audit & Cleanup WordPress Plugins & Themes
These days, we consider a malware campaign massive if it affects a couple thousand websites. However, back in the day when Sucuri first started its operations, the scale of infections…
Read More about TimThumb Attacks: The Scale of Legacy Malware Infections
A website owner recently reached out to us about a pop-up advertisement problem on their website which occurred any time someone clicked anywhere on the web page. This irritating pop-up…
Read More about How Domain Expiration Can Potentially Disrupt Other Websites
During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed…
Read More about Malicious Plugin Used to Encrypt WordPress Posts
