Attackers are always looking for new ways to conceal their malware and evade detection, whether it’s through new forms of obfuscation, concatenation, or — in this case — unorthodox use of image file extensions. One of the most common backdoors that we have observed over the last few months has been designed to evade detection by placing the payload in an image file and requiring some additional tricks to unlock it.
In this post we’ll explore how this backdoor works, what sorts of malware we’ve seen in conjunction with it, as well as how to prevent your website from becoming infected.
Continue reading Konami Code Backdoor Concealed in Image at Sucuri Blog.
Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises.
To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this past month.
The vulnerabilities listed below are virtually patched by the Sucuri Firewall and existing clients are protected.
Continue reading WordPress Vulnerability & Patch Roundup January 2023 at Sucuri Blog.
Did you just try to access your site and encounter a Deceptive Site Ahead warning? This error message occurs when the browser believes your website is unsafe and experiencing security issues — and it can seriously affect your traffic and reputation.
When this warning appears on your site, you’ll want to address it as soon as possible to ensure that your site (and visitors) are protected from phishing and other social engineering attacks.
Continue reading How to Fix the “Deceptive Site Ahead” Warning at Sucuri Blog.
Every so often, attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often related to redirecting legitimate website traffic to third-party sites of their choosing — including tech support scams, adult dating, phishing, or drive-by downloads.
Since late December, our team has been tracking a new spike in WordPress website infections related to the following malicious domain: track[.]violetlovelines[.]com
PublicWWW results show over 4,500 websites impacted by this malware at the time of writing, while urlscan.io shows evidence of the campaign operating since December 26th, 2022.
Continue reading Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network at Sucuri Blog.
Vulnerabilities within WordPress can lead to compromise, and oftentimes known vulnerabilities are utilized to infect WordPress sites with more than one infection. It is common for out-of-date websites to be attacked by multiple threat actors or targeted by the same attacker using multiple different channels.
We recently came across a database injection that has two different pieces of malware accomplishing two unrelated goals. The first injection redirects users to a spammy sports website and the second injection boosts authority of a spammy casino website within search engines.
Continue reading Vulnerable WordPress Sites Compromised with Different Database Infections at Sucuri Blog.
According to W3Techs, 43.2% of all websites on the internet use WordPress. And of all websites that use a CMS (Content Management System), more than half (64%) leverage WordPress to power their blog or website. Unfortunately, since WordPress has such a large market share, it has also become a prime target for attackers.
You might be wondering whether WordPress is safe to use. And the short answer is yes — WordPress core is safe to use, but only if you keep it updated to the latest version and employ some additional protections on the admin login page.
Continue reading Is WordPress Secure? at Sucuri Blog.