Home | News | Sucuri Security News (page 24)

Sucuri Security News

Website Application Firewalls (WAF) – Practical Approach to Website Security

In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article was to help website owners differentiate between the types of firewalls they might encounter. Today, I will shift my focus specifically to website application firewalls (WAF). WAFs are not new, but have been traditionally deployed by ...

Read More »

Content Injection Vulnerability in WordPress

As part of a vulnerability research project for our Sucuri Firewall (WAF), we have been auditing multiple open source projects looking for security issues. While working on WordPress, we discovered a severe content injection (privilege escalation) vulnerability affecting the REST API. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site. ...

Read More »

Spotlight: Website Security Response for Photographers

It takes a lot of bravery to create a small business. Putting yourself out there and taking risks is not for the faint of heart. Having a website is just one aspect of your business, but it’s an important one. A website helps you develop a brand identity, communicate the value of your offerings, and attract new customers. These days, ...

Read More »

Fake bb_press Plugin Redirects to Mobile Pornography

When a website is hacked, we often find that attackers have injected multiple backdoors, web shells, and malicious code that allows them to regain access if the original vulnerability is patched. This allows hackers to continue abusing the website and server resources. One of the techniques they use is to add fake extensions that perform various malicious activities. In this ...

Read More »