Analysis of the Massive NDSW/NDSX Malware Campaign

Recently, Avast’s researchers Pavel Novák and Jan Rubín posted a detailed writeup about the “Parrot TDS” campaign involving more than 16,500 infected websites. Such massive infections don’t go unnoticed by Sucuri and we immediately recognized that the infection in their writeup belonged to the campaign we internally refer to as “ndsw/ndsx” malware. We’ve been tracking… Continue reading Analysis of the Massive NDSW/NDSX Malware Campaign

Vulnerability & Patch Round-up — May 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. We’ve compiled a list of some important security updates and vulnerability patches for the WordPress ecosystem for May, 2022. Critical Privilege Escalation Vulnerability in Jupiter and JupiterX… Continue reading Vulnerability & Patch Round-up — May 2022

Massive WordPress JavaScript Injection Campaign Redirects to Ads 

Our remediation and research teams regularly find malicious redirects on client sites. These infections automatically redirect site visitors to third-party websites with malicious resources, scam pages, or commercial websites with the intention of generating illegitimate traffic. As outlined in our latest hacked website report, we’ve been tracking a long-lasting campaign responsible for injecting malicious scripts… Continue reading Massive WordPress JavaScript Injection Campaign Redirects to Ads 

Vulnerability Roundup – April 2022

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this… Continue reading Vulnerability Roundup – April 2022