GoDaddy+= Sucuri: Building a Security Platform For Every Website Owner

Authored by Daniel & Tony We are happy to announce that as of today Sucuri will be joining the GoDaddy family. This acquisition will bring the best of both worlds. It will allow us to expand our product-line to all GoDaddy customers, while also remaining true to our foundation supporting all our current and future…

visit Sucuri Blog

Malicious Subdirectories Strike Again

In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products.

visit Sucuri Blog

SEO Spam Campaign Exploiting WordPress REST API Vulnerability

Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites that have not been updated.

visit Sucuri Blog

Stored XSS in WordPress Core

Security Risk: Low Exploitation Level: Hard / Requires at least Contributor privileges DREAD Score: 4/10 Vulnerability: Stored XSS Patched Version: 4.7.3 As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites.

visit Sucuri Blog

SF9 Realex Magento Module Targeted by Credit Card Scrapers

Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracked massive attacks against Magento sites where attackers are injecting malicious scripts that create functions designed to steal credit card information. This technique is not restricted to Magento core files.

visit Sucuri Blog

Bank Phishing Incident Analysis

Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked from ever reaching our inboxes. I said most of them.

visit Sucuri Blog

Vbulletin Used to Show Malicious Advertisements

In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012 with this malware, and more recently with a new variation of the same infection.

visit Sucuri Blog