Cloudflare’s mission is to help build a faster and more secure Internet. Over the last several years, the Internet Engineering Task Force (IETF) has been working on a new version of TLS, the protocol that powers the secure web. Last September, Cloudflare was the first service provider to enable people to use this new version […]
Archive | Security
RSS feed for this sectionStored XSS in WordPress Core
As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites. While our original disclosure only described one vulnerability, we actually reported two to the WordPress team. As it turns out, it was possible to leverage the content injection issue to achieve a stored cross-site scripting attack. This issue […]
SF9 Realex Magento Module Targeted by Credit Card Scrapers
Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracked massive attacks against Magento sites where attackers are injecting malicious scripts that create functions designed to steal credit card information. This technique is not restricted to Magento core files. These days, attackers are trying […]
Bank Phishing Incident Analysis
Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked from ever reaching our inboxes. I said most of them. Today I got one that was able to get through the bouncer: The subject (in Brazilian Portuguese and poorly crafted) translates […]
Cloudflare at Google NEXT 2017
The Cloudflare team is headed down the street to Google NEXT 2017 from March 8th – 10th at Moscone Center booth C7 in San Francisco, CA. We’re excited to meet with existing partners, customers, and new friends! Come learn about Cloudflare’s recent partnership with Google Cloud Platform (CGP) through their CDN Interconnect Program. Cloudflare offers […]
vBulletin Used to Show Malicious Advertisements
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012 with this malware, and more recently with a new variation of the same infection. Ever since this new development, the table datastore in vBulletin has been a prime candidate for […]
Labs Notes Monthly Recap – Feb/2017
Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT). The Sucuri Labs website provides technical analysis and industry updates directly from our teams on the front line. You can read past-monthly recaps for an overview of the posts we’ve released. Last month, […]
The Story of an Expired WHOIS Server
We write quite often about SEO spam injections on compromised websites, but this is the first time we have seen this blackhat tactic spreading into the WHOIS results for a domain name. If you are not familiar with “WHOIS“, it is a protocol used to check who owns a specific domain name. These simple text […]
Quantifying the Impact of “Cloudbleed”
Last Thursday we released details on a bug in Cloudflare’s parser impacting our customers. It was an extremely serious bug that caused data flowing through Cloudflare’s network to be leaked onto the Internet. We fully patched the bug within hours of being notified. However, given the scale of Cloudflare, the impact was potentially massive. The […]
SQL Injection Vulnerability in NextGEN Gallery for WordPress
As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on the WordPress plugin NextGEN Gallery, we discovered a severe SQL Injection vulnerability. This vulnerability allows an unauthenticated user to grab data from the victim’s website database, including sensitive […]
