Finding backdoors is one of the biggest challenges of a website security analyst, as backdoors are designed to be hidden in case the malware is found and removed. Website Backdoors A backdoor is a piece of malware that attackers leave behind to allow them access back into a website. Hackers like to inject code into different locations to More Info »
Outdated Duplicator Plugin RCE Abused
We’re seeing an increase in the number of cases where attackers are disabling WordPress sites by removing or rewriting its wp-config.php file. These cases are all linked to the same vulnerable software: WordPress Duplicator Plugin. Versions lower than 1.2.42 of Snap Creek Duplicator plugin are vulnerable to a Remote Code Execution attack, where the malicious visitor is More Info »
Unsuccessfully Defaced Websites
Defaced websites are a type of hack that is easy to notice and a pain for website owners. Recently, we came across some defacement pages with a peculiar JavaScript injection included in the source code. What is a Defacement? Website defacement is a hack that often involves adding malicious images to the website homepage and More Info »
New Guide on How to Use the Sucuri WordPress Security Plugin
Sucuri has always been active in the WordPress community. We’ve attended WordCamps around the world, created tools and features specifically for WordPress, and have maintained a free WordPress security plugin with over 400k installations. If you don’t already have it, you can download the Sucuri Security – Auditing, Malware Scanner and Security Hardening plugin directly More Info »
PCI for SMB: Requirement 5 & 6 – Maintain a Vulnerability Management Program
This is the fourth post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We want to show how PCI DSS can help anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles we have written about PCI, we covered More Info »
WordPress Database Upgrade Phishing Campaign
We have recently been notified of phishing emails that target WordPress users. The content informs site owners that their database requires an update and looks like this: The email’s appearance resembles that of a legitimate WordPress update message, however the content includes typos and uses an older messaging style. Another suspicious item in the content More Info »
How to Improve Your Website Security Posture – Part II
In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part of a good website posture. However, it is also important to be aware of what to do to strengthen your website. Today, we are going to give you some practical More Info »
Core Integrity Verifications
In order to clean a malware infection, the first thing we need to know is which files have been compromised. At Sucuri, we use several techniques including whitelists, blacklists, and anomaly checks. In this blog post, we’re going to be focusing on how core integrity checks are a key component of the whitelisting model and More Info »
Fake Font Dropper
Every day we see different website infections. When we receive unusual or interesting cases, our researcher instincts are triggered to investigate the unusual website behavior in order to understand how new infections work. In this case, the odd behavior was the website’s pop-up window claiming there was a missing font. The Unwanted Popup Window A More Info »
Massive WordPress Redirect Campaign Targets Vulnerable tagDiv Themes and Ultimate Member Plugins
This August, we’ve seen a new massive wave of WordPress infections that redirect visitors to unwanted sites. When redirected, users see annoying pages with random utroro[.]com addresses and fake reCAPTCHA images. The messages and content try to convince visitors to verify and subscribe to browser notifications without disclosing the purpose of this behavior. Alternative redirect More Info »
