As a child, I loved sending secret messages to my friends using invisible ink. A quick squeeze of lemon juice was all I needed to jot down my secret message. When combined with a simple heat source (I used the Continue reading What is Steganography? (Or, How Hackers Hide Malware On Websites)
Attackers are always finding new and creative ways to compromise websites and maintain their foothold in environments. This is frequently done via the use of backdoors: PHP scripts designed to allow attackers access and control even after you’ve changed your Continue reading Massive Abuse of an Abandoned Eval PHP WordPress Plugin
Our team at Sucuri has been tracking a massive WordPress infection campaign since 2017 — but up until recently never bothered to give it a proper name. Typically, we refer to it as an ongoing long lasting massive WordPress infection Continue reading Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
Education is crucial in defending your website against emerging threats. That’s why we are thrilled to share our 2022 Website Threat Research Report. Disseminating this information to the community helps educate website owners about the latest trends and threats. This Continue reading Hacked Website Threat Report – 2022
Disclaimer: The malware infection described in this article does not affect the software plugin or payment gateway as a whole, and does not indicate any vulnerabilities or security flaws within Authorize.net itself nor WooCommerce or any associated WooCommerce plugin extensions. Continue reading WooCommerce Credit Card Skimmer Reveals Tampered Gateway Plugin
Symptoms of a hack can vary wildly. A concerning security alert from Google, a browser warning when you visit your site, or even a notice from your hosting provider that they’ve taken down your website — all of these events Continue reading Is My Site Hacked? (13 Signs)
Malicious cron jobs are nothing new; we’ve seen attackers use them quite frequently to reinfect websites. However, in recent months we’ve noticed a distinctive new wave of these infections that appears to be closely related to this article about a Continue reading Attackers Abuse Cron Jobs to Reinfect Websites
Nulled WordPress themes and plugins are a controversial topic for many in the web development world — and arguably one of the bigger threats to WordPress security. Essentially modified versions of official WordPress themes and plugins with their licensing restrictions Continue reading The Dangers of Installing Nulled WordPress Themes and Plugins
Late last year we reported on a malware campaign targeting thousands of WordPress websites to redirect visitors to bogus Q&A websites. The sites themselves contained very little useful information to a regular visitor, but — more importantly — also contained Continue reading Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign
Attackers are always looking for new ways to conceal their malware and evade detection, whether it’s through new forms of obfuscation, concatenation, or — in this case — unorthodox use of image file extensions. One of the most common backdoors Continue reading Konami Code Backdoor Concealed in Image
Every so often attackers register a new domain to host their malware. In many cases, these new domains are associated with specific malware campaigns, often related to redirecting legitimate website traffic to third party sites of their choosing — including Continue reading Massive Campaign Uses Hacked WordPress Sites as Platform for Black Hat Ad Network
Vulnerabilities within WordPress can lead to compromise, and oftentimes known vulnerabilities are utilized to infect WordPress sites with more than one infection. It is common for out of date websites to be attacked by multiple threat actors or targeted by Continue reading Vulnerable WordPress Sites Compromised with Different Database Infections
Since 2018, our team has been tracking an interesting type of website infection where the tag of a hacked website is changed to Chinese text — changes which are clearly seen in the website’s search results and source code. However, Continue reading Chinese Gambling Spam Targets World Cup Keywords
On November 15th, Ben Martin reported a new type of WordPress infection resulting in the injection of SocGholish scripts into web pages. The attack loads zipped malicious templates from WordPress theme and fake plugins files before extracting the SocGholish script, Continue reading New Wave of SocGholish cid=27x Injections
Most modern web browsers and search authorities like Google have a vested interest in protecting their users from malware. Warning messages like “This site may harm your computer” are a clear way for services to educate and protect end users Continue reading How to Fix the “This Site May Harm Your Computer” Warning
Consumers spent a whopping $33.9 billion during Cyber Week last year. With the average adult spending $430 on Black Friday alone, this period remains one of the biggest online shopping events of the year. Unfortunately, hackers are making bank alongside Continue reading Black Friday & Cyber Monday Ecommerce Security Threats
There appears to be a general misunderstanding among internet users about the difference between malware and viruses. The two terms are often used interchangeably — and to an extent, this is perfectly fine. But in today’s article, we’ll be clarifying Continue reading Malware vs Virus: What’s the Difference?
Malware authors, with some notable exceptions, tend to design their malicious code to hide from sight. The techniques they use help their malware stay on the victim’s website for as long as possible and ensure execution. For example — obfuscation Continue reading Wordfence Evasion Malware Conceals Backdoors
Imagine for a moment that you’re searching for a topic. You find what you’re looking for on the first page of Google’s search results and click through to the website. But instead of the expected web page, you find yourself Continue reading What is the 503 Service Unavailable Error & How to Fix It
A malware attack is the act of injecting malicious software to infiltrate and execute unauthorized commands within a victim’s system without their knowledge or authorization. The objectives of such an attack can vary – from stealing client information to sell Continue reading What is a Malware Attack?