WordPress Database Brute Force and Backdoors

WordPress Database Brute Force and Backdoors

We regularly talk about brute force attacks on WordPress sites and explain why WordPress credentials should always be unique, complex, and hard to guess. However, the WordPress login is not the only ...
How Passwords Get Hacked - Sucuri Security

What is Cross-Site Contamination?

How many websites do you currently have on your server? If the answer is something along the lines of, “One that I really care about, some older ones that I don’t really ...
Vulnerable Versions of Adminer as a Universal Infection Vector

Vulnerable Versions of Adminer as a Universal Infection Vector

This past week, we’ve been monitoring a new wave of website infections mostly impacting WordPress and Magento websites. We found that hackers have been injecting scripts from scripts.trasnaltemyrecords[.]com into multiple files and ...
Autoloaded Server-Side Swiper

Autoloaded Server-Side Swiper

Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily detected by simply scanning the web pages ...
What is Cross-Site Contamination & How to Prevent It

How to Prevent Cross-Site Contamination for Beginners

What is Cross-Site Contamination? Cross-site contamination happens when a hacked site infects other sites on a shared server. Think of it as your kid in daycare catching the flu, next thing you ...
Cryptominers: Binary-Process-Cron Variants and Methods of Removal

Cryptominers: Binary-Process-Cron Variants and Methods of Removal

This post provides a brief overview of how to manually remove server-side cryptominers and other types of Binary-Process-Cron malware from a server. Unlike browser-based JavaScript cryptominers that have been injected into a ...