Sucuri

Pierluigi Paganini February 26, 2015
More than 1 Million WordPress websites are vulnerable to blind SQL Injection Attacks

A security bug in the WordPress plugin WP-Slimstat could be exploited by attackers to discover a “secret” key and use it to run blind SQL Injections. More than one million WordPress sites are potentially vulnerable to SQL injection attacks due to the presence of a critical flaw in the popular plugin WP-Slimstat. WP-Slimstat is an analytics plugin for […]

Pierluigi Paganini February 11, 2015
Exploiting Vulnerabilities in WordPress plugins, a cybercrime trend

A serious vulnerability in the FancyBox WordPress plugin makes it easy for a hacker to compromise any website based on the popular CMS. Last week SecurityWeek reported another zero-day flaw found in a WordPress plugin. This time, a new vulnerability found in the popular FancyBox for WordPress plugin could be exploited to inject […]

Pierluigi Paganini January 08, 2015
Sucuri firm discovered Backdoors relying on the Pastebin Service

The popular copy and paste website Pastebin has been leveraged by hackers to serve a backdoor to millions of users by exploiting flaws in a WordPress plugin. Malware authors have demonstrated great inventiveness, using any kind of platform and technique to control their malicious code. Security experts have detected botnets controlled via Gmail drafts, Evernote or […]

Pierluigi Paganini December 15, 2014
SoakSoak Malware infected more than 100,000 WordPress Websites

Google blacklisted over 11000 domains that were infected with the SoakSoak malware, which redirects user traffic and downloads malicious payloads on targets. WordPress is one of the most popular content management systems (CMS), with more than 70 million websites on the Internet. For this reason, it is under continuous attack by threat actors that try to […]

Pierluigi Paganini September 13, 2014
A Brazilian newspaper site used to serve malware to change Router DNS Settings

A Brazilian newspaper’s website has been hacked to serve malware that tries to change the victim’s router DNS settings by brute-forcing the admin panel. A Brazilian political newspaper’s website has been compromised with malware that tries to change the victim’s router DNS settings. The security firm Sucuri has published a blog post on a […]

Pierluigi Paganini July 24, 2014
Thousands of WordPress Sites hacked through MailPoet flaw

Security experts at the firm Sucuri have observed a surge of cyber attacks against WordPress websites that are running outdated versions of the MailPoet plugin. A large-scale attack has hit more than 50,000 websites; the attacker exploited a recently patched vulnerability in a popular plugin for the WordPress CMS. In early July, experts at security firm Sucuri discovered […]

Pierluigi Paganini June 01, 2014
15 million WordPress instances run flawed SEO plugin. Fix it!

Security researchers at the firm Sucuri have discovered multiple serious vulnerabilities in the popular ‘All In One SEO Pack’ plugin for WordPress. WordPress is one of the most targeted CMS platforms due to its wide adoption; attackers are able to compromise victim instances by exploiting flaws in outdated versions or in vulnerable plugins. The Netcraft internet services company, in […]

Pierluigi Paganini March 12, 2014
162,000 WordPress instances abused for DDoS attack

The firm Sucuri detected a large DDoS attack that leveraged thousands of unsuspecting WordPress websites as indirect amplification vectors. The security community is threatened by a new botnet composed of at least 162,000 WordPress-powered websites abused to run DDoS attacks. The attack technique allows an attacker to flood a target with requests sent by WordPress servers that received a […]