The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attacker to bypass the site’s access control and publish posts on the site. All versions of JetPack since October, 2012 (Jetpack 1.9) are vulnerable, and all users should update to version 2.9.3 […]
Archive by Author
Patching The Heartbleed OpenSSL Vulnerability
Security Researchers have discovered a very serious vulnerability in the OpenSSL library that is used to power HTTPS on most websites. Many news sources are now covering the story, and we recommend reading their articles to understand the scope of what is happening and the impact of the threat: Critical crypto bug in OpenSSL opens […]
Ad Violations: Why Search Engines Won’t Display Your Site If it’s Infected With Malware
As your site’s webmaster, have you ever seen an e-mail from Google like this: Hello, We wanted to alert you that one of your sites violates our advertising policies. Therefore, we won’t be able to run any of your ads that link to that site, and any new ads pointing to that site will also […]
Thumb Wars: Sucuri Acquires Google Webmaster Tools
Today Sucuri unofficially acquires Google Webmaster Tools. In an effort to combine forces of good, Sucuri officials challenged Google to a thumb wrestling war. Here is a breakdown of the event. Over The Top In a best-of-5 style tournament, the competition got heated. The underdog had fought well, and stayed in it to win it, […]
JCE Joomla Extension Attacks in the Wild
Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content Editor) vulnerability. JCE is a very popular component that can be found enabled on almost any Joomla site. It has had a few serious vulnerabilities in the past (around 2011 […]
Unmasking “Free” Premium WordPress Plugins
WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for premium plugins. Premium plugins are especially popular when they help blogs make money: eCommerce, SEO, affiliate and customer management, and so on. Such plugins may be really great and […]
Windigo Linux Analysis – Ebury and Cdorked
Our friends over at ESET released a very detailed document about the Windigo Operation. The Windigo Operation has been responsible for the compromise of thousands of Linux servers over the years. When you hear terms like Ebury, CDorked, Calfbot and others, they are all related to each other. Over the last few years, our team […]
Security Exploit Patched on vBulletin – PHP Object Injection
The vBulletin team just issued a warning, and released patches for a security exploit that affected all versions of vBulletin including 3.5, 3.6, 3.7, 3.8, 4.X, 5.X. They recommend that anyone using vBulletin apply these patches as soon as possible. Here is part of their announcement: A security issue has been found that affects all […]
Understanding Denial of Service and Brute Force Attacks – WordPress, Joomla, Drupal, vBulletin
Many are likely getting emails with the following subject header Large Distributed Brute Force WordPress Attack Underway – 40,000 Attacks Per Minute. Just this week we put out a post titled More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack. What’s the Big Deal? Remember life before social media? How quiet and […]
More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack
Distributed Denial of Service (DDOS) attacks are becoming a common trend on our blog lately, and that’s OK because it’s a very serious issue for every website owner. Today I want to talk about a large DDOS attack that leveraged thousands of unsuspecting WordPress websites as indirect amplification vectors. Any WordPress site with XML-RPC enabled […]
