Highlights for June 2020
- Cross-site scripting is still the most common vulnerability in WordPress plugins. Bad actors are taking advantage of the lack of restrictions in critical functions and issues surrounding user input data sanitization.
- Massive local file inclusion (LFI) attempts to harvest WordPress and Magento credentials have been discovered.
- Attackers continue to target old plugins with known vulnerabilities in an ongoing malware campaign targeting WordPress websites.
Continue reading Vulnerabilities Digest: June 2020 at Sucuri Blog.
One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials.
Although these are certainly two of the more common attack vectors, another method is often overlooked — but the result is just as hazardous. Whenever an attacker can successfully trick a website owner into installing a backdoor on their website, they are able to accomplish the exact same goal: unauthorized access.
Continue reading Pirated WordPress Plugins Bundled with Backdoors at Sucuri Blog.
We are happy to announce that we have launched Sucuri Academy to offer free website security courses.
Our main goal at Sucuri is to make the internet a safer place. One of our investments is creating the best educational content about website security to share our knowledge with the community. With that in mind, we have decided to launch our free courses.
You can learn about website security, test your knowledge with our quizzes, and get a free certificate at the end of each course.
Continue reading Sucuri Academy: Free Website Security Courses at Sucuri Blog.
It’s a well-known fact that website backups are important for mitigating a plethora of site issues. They can help restore a site after a compromise or even facilitate the investigative process by providing a clean code base to compare the current site state to.
However, if a backup is not set up correctly, it can have the opposite effect and may instead pose a security threat to your website.
For example, we often find webmasters maintaining old copies of a site within a subdirectory of their main site.
Continue reading Dangerous Website Backups at Sucuri Blog.
Malware comes in many different varieties. Analyst Krasimir Konov is on this month’s Sucuri Sit-Down to help keep them all straight. From malicious iframes to SEO spam, join host Justin Channell as he picks Krasimir’s brain on all the different types of malware.
Also, Krasimir discusses his recent blog post about a malicious cURL downloader, and Justin breaks down the latest website security news, including patched plugins you should update.
Justin Channell: Hello, and welcome to the Sucuri Sit Down.
Continue reading Sucuri Sit-Down Episode 2: Malware Types Explained with Krasimir Konov at Sucuri Blog.