Recently we came across a malicious campaign injecting scripts that push fake browser updates onto site visitors. This is what a typical fake update request looks like: Users see a message box that says it’s an “Update Center” for your browser type (in my case it’s Firefox, but they also have such messages for Chrome, […]
Tag Archives: WordPress Security
The Importance of Website Logs
As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of the reasons why we don’t offer forensic analysis. Sucuri offers website monitoring, protection, and clean up, but sometimes we go that extra mile and investigate how websites become […]
The Importance of Website Logs
As a security company, we deal with a lot of compromised websites. Unfortunately, in most cases, we have limited access to customer logs, which is one of the reasons why we don’t offer forensic analysis. Sucuri offers website monitoring, protection, and clean up, but sometimes we go that extra mile and investigate how websites become […]
Spam Injector Disguised as License Key in WordPress Website
Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our research team likes to dig deeper and conduct a complete investigation. A license key is a place where a webmaster might not expect to find an infection, however, in this particular […]
OWASP Top 10 Security Risks – Part III
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection Broken Authentication Sensitive data exposure XML External Entities (XXE) Broken Access control Security misconfigurations Cross Site Scripting […]
Using Innocent Roles to Hide Admin Users
All across the internet, we find guides and tutorials on how to keep your WordPress site secure. Most of them approach the concept of user roles, but not many actually approach the capabilities of those roles. The way the capabilities are handled on WordPress makes it quite easy to change what each role is allowed […]
Hackers Change WordPress Siteurl to Pastebin
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn’t work and the infection simply broke the compromised sites. Our SiteCheck scanner […]
Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is related to a security vulnerability in the WP GDPR Compliance plugin for WordPress (with 100,000+ active installations). The new General Data Protection Regulation (GDPR) laws in the EU have made […]
Saskmade[.]net Redirects
Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we started detecting new modifications of the scripts injected by this attack. The general idea of the malware is the same, but the domain name and obfuscation has changed slightly. For […]
Multiple Ways to Inject the Same Tech Support Scam Malware
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites. Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club. At the time of this writing, PublicWWW finds the most common patterns […]
