During regular research audits for our Sucuri Firewall (WAF), we discovered a SQL Injection vulnerability affecting Joomla! 3.7. The vulnerability is easy to exploit and doesn’t require a privileged account on the victim’s site. Are You at Risk? The vulnerability is caused by a new component, com_fields, which was introduced in version 3.7. If you use this version, you […]
Archive | Security
Website Availability and Security When Migrating Hosts
Website security is a continuous process. It’s not something that should be turned on when the time is right; rather integrated into the full scope of how you deploy a website, maintain it, and ensure the safety of your visitors. At Sucuri, we protect websites with a wide range of website configurations, including business owners […]
Standing Up to a Dangerous New Breed of Patent Troll
On March 20th, Cloudflare received our first patent infringement claim: Blackbird Tech LLC v. Cloudflare, Inc. Today we’re filing our Answer to that claim in a federal court in Delaware. We have very strong arguments we will present in the litigation, mostly because the patent asserted against us does not have anything to do with […]
Fake WordPrssAPI Stealing Cookies and Hijacking Sessions
Cookies are stored in the user’s browser to track behavior on a specific website. They also keep a user logged in during the active browsing session. Without cookies a user would need to log in, in order to authenticate every action they take. Essentially, cookies keep a user logged in until they either log out […]
Anonymity and Abuse Reports
Last Thursday, ProPublica published an article critiquing our handling of some abuse reports that we receive. Feedback from the article caused us to reevaluate how we handle abuse reports. As a result, we’ve decided to update our abuse reporting system to allow individuals reporting threats and child sexual abuse material to do so anonymously. We […]
Introducing the New Sucuri Customer Dashboard
Over the course of the last year, our teams have been getting creative and making a collaborative effort to improve the experience of our customer dashboard. Website security is multifaceted and we understand the logistical complexities of managing multiple sites. That’s why we are continually brainstorming ways to make the management of your website security […]
Introducing the new Cloudflare Community Forum
Cloudflare’s community of users is vast. With more than 6 million domains registered, our users come in all shapes and sizes and are located all over the world. They can also frequently be found hanging out all around the web, from social media platforms, to Q&A sites, to any number of personal interest forums. Cloudflare […]
How eero mesh WiFi routers connect to the cloud
This is a guest post by Gabe Kassel, Product Manager for Embedded Software at eero. Relying on a single wireless router to provide internet in every room of the home is like expecting a single light bulb to illuminate the entire house. It’s physics – WiFi radio waves don’t travel through walls or objects easily. […]
Labs Notes Recap – Apr/2017
This month, our Malware Research and Incident Response teams wrote about several malware techniques that attempt to evade detection by focusing on small changes that website owners might miss. Examples include typos in domain names, unused top-level domains (i.e. .com, .solutions), and delayed banner ads. Sucuri Labs provides website malware research updates directly from our […]
IoT Security Anti-Patterns
From security cameras to traffic lights, an increasing number of appliances we interact with on a daily basis are internet-connected. A device can be considered IoT-enabled when the functionality offered by its Embedded System is exposed through an internet-connected API. Internet-of-Things technologies inherit many attack vectors that appear in other internet-connected devices, […]