Authored by Daniel & Tony We are happy to announce that as of today Sucuri will be joining the GoDaddy family. This acquisition will bring the best of both worlds. It will allow us to expand our product-line to all GoDaddy customers, while also remaining true to our foundation supporting all our current and future…
In a previous post, we illustrated how attackers were fetching information from compromised sites under their control to display spam content on other hacked websites. By adding malicious files into a directory and using the victim’s database structure, attackers were able to inject ads and promote their products.
Just over a week ago, WordPress released version 4.7.3 to patch multiple security issues. Despite the automatic update feature provided by many hosting companies, there are still many WordPress websites that have not been updated.
Security Risk: Low Exploitation Level: Hard / Requires at least Contributor privileges DREAD Score: 4/10 Vulnerability: Stored XSS Patched Version: 4.7.3 As you might remember, we recently blogged about a critical Content Injection Vulnerability in WordPress which allowed attackers to deface vulnerable websites.
Attackers are constantly developing new techniques to compromise ecommerce websites and steal sensitive data. Over the last several weeks, we tracked massive attacks against Magento sites where attackers are injecting malicious scripts that create functions designed to steal credit card information. This technique is not restricted to Magento core files.
Everyone has received a phishing scam via email at one point or another. Thanks to modern anti-spam technology, most of these messages are blocked from ever reaching our inboxes. I said most of them.
In the past, we have seen a massive amount of vBulletin websites compromised through the VBSeo Vulnerability. Attackers have been infecting vBulletin websites since 2012 with this malware, and more recently with a new variation of the same infection.