Critical RCE Vulnerability in Elementor WordPress Plugin
Security Risk: High Exploitation Level: Easy CVSS Score: 9.9 Vulnerability: Remote code execution (RCE) Patched Version: 3.6.3 On April 12th, an important security update was released for the Elementor plugin patching a critical remote code vulnerability which allows all authenticated users, including subscribers, to upload and execute arbitrary PHP code on a vulnerable website. This […] more…
Sucuri WordPress Plugin += Sucuri WAF
Sucuri has always been a dedicated supporter of the WordPress community. Our free plugin was one of our first contributions to WordPress security (before bootstrapping our efforts into our WAF/CDN, Backups, and Malware Remediation services). However, over my many years involved in web application security, I’ve found that one of the most evasive aspects of […] more…
The Case for 2FA by Default for WordPress
Administrator panel compromises are one of the most common attacks that everyday WordPress website admins face. We work with thousands of clients who have encountered attacks on their websites and I’ve long ago lost count of the number of times that I’ve told clients that the point of entry was their WordPress login page. Brute […] more…
WordPress Overtakes Magento in Credit Card Skimmers
One of the most important monitoring tools in our security platform is our Sucuri SiteCheck scanner. It’s a free tool to scan your website for known malicious content and malware injections. The usage of SiteCheck also allows us to monitor trends in the website security landscape, and one of the things that it can spot […] more…
WordPress Popunder Malware Redirects to Scam Sites
Over the last year we’ve seen an ongoing malware infection which redirects website visitors to scam sites. So far this year our monitoring has detected over 3,000 websites infected with this injection this year and over 17,000 in total since we first detected it in March of 2021. The reported behaviour is always the same: […] more…
New Wave of AnonymousFox Cron Jobs
Recently our Remediation and Research teams have noticed a new wave of malicious cron jobs associated with the notorious AnonymousFox malware. The cron jobs are purpose-built to reinfect the victim websites and make removal of the infection more cumbersome and time-consuming. In this post we’ll investigate one of these malicious cron jobs, describe what it […] more…
Top 5 Topics to Discuss with Clients About Website Security
If you’re a website developer or server administrator it’s always a good idea to inform your clients about the basics in terms of their website’s security, and the inherent need for cautious security practices. Attacks and the methods of gaining access to a web server are always evolving, so it’s always in a client’s best […] more…
The Mystery Admin User
One of our clients recently submitted a malware removal request with a curious problem: A mystery admin user kept getting re-created on their website. Try as they might, nothing they did would get rid of this user; it just kept coming back. A suspicious “user” that just won’t go away… It was suspiciously generic, named […] more…
What are the Best Security Testing Tools (Open Source)?
Seeking a reliable security testing tool can be overwhelming, given how large the opsec environment has grown over these last few years. Given how large things have grown, it’s become common to overcharge people in the industry for security services provided. Due to this factor, it’s very beneficial for any small business or organization to […] more…
How to Fix the specialadves WordPress Redirect Hack
Attackers are regularly exploiting vulnerable plugins to compromise WordPress websites and redirect visitors to spam and scam websites. This has been an ongoing campaign for multiple years. Payload domains are regularly swapped out and updated, but the objective remains largely the same: trick unsuspecting users into clicking on malicious links to propagate adware and push […] more…
Attackers Abuse Poorly Regulated Top-Level Domains in Ongoing Redirect Campaign
One of the more common infections that we see are site-wide redirects to spam and scam sites, achieved by attackers exploiting newly found vulnerabilities in popular WordPress plugins. If you’ve ever been redirected to a page that looks something like this, then you’ve fallen victim to such an attack: Once the user clicks through the […] more…
Adobe Patches Critical RCE Vulnerability in Magento2
On Sunday, February 13th, Adobe pushed an emergency update to their Magento2 ecommerce software patching a critical unauthenticated remote code execution vulnerability. It is marked as CVE-2022-24086 with a CVSS score of 9.8. Website administrators of Magento stores should patch immediately. Shop owners of Magento 2.3 or 2.4 stores can find the patch to install […] more…
How do I secure WordPress Websites for Free?
Protecting Content Management Systems (CMS) installed on a hosting server is crucial in today’s ever-growing world wide web, but how to I protect my WordPress website on a tight budget? There are tons of options available on this front, but it can be overwhelming to make the right decision in website protection that fits into […] more…
How to Choose a Security Plugin That’s Right for Your Website
Finding the perfect security plugin for your website is important, but it’s also crucial you find the proper one that suits your needs. WordPress plugins are a dime a dozen, so we’ll be discussing how to narrow your options and what to look for in a reliable plugin so you can safely install it on […] more…
Top 10 Security Tips to Keep Your WordPress Site Healthy
As we go through the winter months and whether changes, many of us go to our local pharmacy and take advantage of a flu shot. We do this because maybe we have had the flu before and the second of pain from the jab is nothing in comparison to the hours and days of sickness […] more…
How to Get Rid of the Most Common Types of SEO Spam
What is SEO Spam? SEO spam is what attackers will inject into a website to attempt to use your SEO ranking for something else not ranked otherwise that will further the attackers’ objective. They spam and destroy the website while trying to generate revenue or achieve some other goal. Due to this, generally, the website […] more…
2017 Antivirus News | Powered by WordPress |
Fluxipress Theme
| Show My IP Address, check blacklists
| Free Favicon, Android and Apple Icon Generator
| Bitcoin and Crypto Currency News
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept Read More Privacy & Cookies Policy