We are happy to announce that we have launched Sucuri Academy to offer free website security courses. Our main goal at Sucuri is to make the internet a safer place. One of our investments is creating the best educational content about website security to share our knowledge with the community. With that in mind, we […]
Archive by Author
Sucuri Sit-Down Episode 2: Malware Types Explained with Krasimir Konov
Malware comes in many different varieties. Analyst Krasimir Konov is on this month’s Sucuri Sit-Down to help keep them all straight. From malicious iframes to SEO spam, join host Justin Channell as he racks Krasimir’s brain on all the different types of malware. Also, Krasimir discusses his recent blog post about a malicious cURL downloader, […]
Cross Site Scripting in YITH WooCommerce Ajax Product Filter
During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin. Current State of the Vulnerability This security bug was fixed in the 3.11.1 release. We are not aware of any exploit attempts currently using this vulnerability. […]
Vulnerable Plugins: June 2020 Update
This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed vulnerabilities. Plugin Vulnerability Patched Version Installs Elementor Page Builder Authenticated Stored XSS 2.9.10 5000000 AdRotate Authenticated SQL Injection 5.8.4 40000 Brizy – Page Builder Improper Access Controls 1.0.126 60000 Careerfy Unauthenticated XSS 3.9.0 5000 SportsPress […]
Experience + Technology: How We Clean Infected Websites at Sucuri
Our malware removal service is particularly effective because it combines automated and human elements. The process gets off to a quick start thanks to cleanup scripts developed by our threat researchers. Real people also get their hands dirty handling tough work that shouldn’t be automated. The automated scripts identify and remove a lot of website […]
What is the Gibberish Hack?
Discovering some random folder with numbers and letters you don’t remember on your website would make any website owner put on their detective cap. At first, you may think, “Did I leave my FTP client open and my cat ran across the keyboard?” But when you open the folder, you find a series of HTML […]
What is a Website Defacement?
Website defacement is the most obvious sign of a hack. In these cases, bad actors who have gained access to an environment leave their mark through digital vandalism. For website owners, it means trying to access your homepage, only to find all of the code and content you’ve worked on replaced with something like this: […]
Evasion Tactics in Hybrid Credit Card Skimmers
The most common type of Magento credit card stealing malware is client-side JavaScript that grabs data entered in a checkout form and sends it to a third-party server controlled by the attackers. Though popular with bad actors, one of the drawbacks of this approach is that it’s possible to track requests to suspicious servers if […]
Labs Notes Monthly Recap – May/2020
In 2020, we doubled up our research efforts to report on many new attacks and hacks that we see in the wild. We believe that being informed is a big part of having a good website security posture. Sucuri Labs provides website malware research updates directly from our teams on the front line. Our Labs […]
How to Find & Fix WordPress Pharma Hack
It’s hard for any website owner to discover pharmaceutical spam. Finding bogus content for prescription drugs on a website you watched grow from a tiny blog can be heartbreaking. But don’t blame your website: it just got caught up in a bad crowd of SEO spammers. SEO spam occurs when bad actors inject a website […]
