Privilege Escalation Flaw In WP GDPR Compliance Plugin Exploited In The Wild

After its removal from the WordPress plugin repository yesterday, the popular plugin WP GDPR Compliance released version 1.4.3, an update which patched multiple critical vulnerabilities. At the time of this writing, the plugin has been reinstated in the WordPress repository and has over 100,000 active installs. The reported vulnerabilities allow unauthenticated attackers to achieve privilege escalation,... Read More
 

10 Tips to Improve Your Website Security

Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!, Drupal, Magento, and others allow business owners to build an online presence rapidly. The CMS’s highly extensible architectures, rich plugins, and effective modules have reduced the... Read More
 

New WordPress Security Email Course

Recent statistics show that over 32% of website administrators across the web use WordPress. Unfortunately, the CMSs popularity comes at a price — attackers often seek out vulnerabilities to exploit and target unhardened WordPress sites. If a site is compromised, it often becomes the host of malicious malware or spam campaigns, harming your website’s reputation... Read More
 

Website Security Tips for Marketers

In our previous post, we have discussed why marketers should have a proactive approach to website security. Today we are going to discuss some security tips marketers can put into practice. In the simplest terms, website security means three things here at Sucuri: Protecting your website from compromises. Monitoring for issues so you can react... Read More
 

Web Marketers Should Learn Security

Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills, with some abilities running deeper than others. Website security awareness is in short supply and we need more champions — especially among small and medium-sized businesses. Digital marketers are in a prime... Read More
 

Saskmade[.]net Redirects

Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we started detecting new modifications of the scripts injected by this attack. The general idea of the malware is the same, but the domain name and obfuscation has changed slightly. For... Read More
 

OWASP Top 10 Security Risks – Part II

It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection Broken Authentication Sensitive data exposure XML External... Read More
 

Multiple Ways to Inject the Same Tech Support Scam Malware

Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites. Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club. At the time of this writing, PublicWWW finds the most common patterns... Read More