Since 2003, October has been recognized as National Cybersecurity Awareness Month. It is an annual campaign to raise awareness about the importance of cybersecurity and being a better digital citizen. October has just started and a majority of security companies…
A new remote code execution (RCE) zero-day vulnerability has been disclosed by an anonymous researcher on the Full Disclosure mailing list this past Monday. This vulnerability is extremely severe. It allows any website visitors to run PHP code and shell commands…
At Sucuri, we’re often asked how website owners and webmasters can secure their websites. However, most advice can often be too broad; different content management systems (CMS) exist in this ecosystem, and each requires a unique security configuration. This is…
Once an attacker manages to hack and gain access to a target site or system, they typically work hard to maintain their access—as long as it can to help them achieve their goals. You can think of it like having…
Single sign-on (SSO) allows users to sign into a single account (e.g Google) and access other services like YouTube or Gmail without authenticating with a separate username and password. This feature also extends to third party services such as the…
We recently released an update to our Labs Knowledgebase for new plugins that had been targeted during the month of July 2019. One of these newly targeted plugins was Advanced Booking Calendar — and it didn’t take long before we…
In the past four months, Sucuri has seen an increase in the number of plugins affected by the misuse of WordPress’ update_option() function. This function is used to update a named option/value in the options database table. If developers do…
Last week, WordPress released version 5.2.3 which was a security and maintenance update, and as such, contained many security fixes. Part of our day to day work is to analyse these security releases, discover what security issue it is fixing…