Check out various posts and articles interviewing the the team, or referencing Sucuri Security, our services, and tools.
As seen on TechCrunch, CNN, USA Today, CSO Online, CIO Magazine, PC World, SC Magazine, TechCrunch, TheNextWeb, BloggingTips and many others.
Since May, security company Sucuri has found serious security holes in WordPress plugins WPTouch (5,670,626 downloads), Disqus (1,400,003 downloads), All In One SEO Pack (19,152,355 downloads), and MailPoet Newsletters (1,894,474 downloads).
April 2014, LA Times
Heartbleed: Most of the Web’s top sites now immune to bug, firm says
Cyber security firm Sucuri Inc. said it scanned the top websites as ranked by Alexa Internet, a company that collects Web traffic data, to test how many of them remain vulnerable to Heartbleed, a bug that was recently discovered.
April 2014, re/code
The Heartbleed Bug Is Mostly Fixed, but Not Entirely
The folks at the Internet security firm Sucuri have done a systematic scan of the top million sites on the Internet as determined by Amazon’s Alexa, and according to its findings, as related in a blog post Thursday by its CTO Daniel Cid, there’s mostly good news, but some bad.
March 2014, CNET
DDoS attack is launched from 162,000 WordPress sites
Security firm Sucuri said hackers leveraged a well-known flaw in WordPress that allows an attack to be amplified by harnessing unsuspecting Web sites. It’s unclear which site was the victim of the cyberattack, but Sucuri said it was a “popular WordPress site” that went down for many hours.
March 2014, Ars Technica
Attackers trick 162,000 WordPress sites into launching DDoS attack
Our friends over at Sucuri posted an interesting blog regarding a Distributed Denial of Service attack (DDoS) where 162,000 WordPress sites were enlisted to attack a single website.
March 2014, Umbrella Security Labs
WordPress DDoS Visibility From OpenDNS
“Can you see how powerful it can be?” Sucuri CTO Daniel Cid wrote in a blog post published Monday. “One attacker can use thousands of popular and clean WordPress sites to perform their DDoS attack, while being hidden in the shadows, and that all happens with a simple ping back request to the XML-RPC file.”
February 2014, Entrepreneur Magazine
Sucuri ranked top 25 .net website by Entrepreneur Magazine!
Entrepreneur and Verisign came together to assemble the ranking, which is based on quantitative factors and the feedback from Entrepreneur’s audience of sophisticated, successful business owners.
Jul 2013, CSO Online
Attackers embedding backdoors into image files
Researchers at Sucuri, a firm focused on website security awareness and attack recovery, have discovered attackers using a known, but a rather uncommon method of maintaining access to an already compromised server: They’re hiding backdoors inside the headers of legitimate image files.
May 2013 – USA Today
Über stealthy malware infects Apache webservers
ESET and Sucuri teamed up to analyze the coding of bad guys who’ve begun using AVT malware, dubbed Linux/Cdorked.A, to seed infections onto hundreds of legit websites that rely on Apache webservers.
February 2013, Bloomberg
NBC.Com Back Online After Hackers Knocks Out Service
Hackers infected NBC.com with Citadel Trojan, a data- stealing malware that can spread to the machines of visitors, according to Tony Perez, chief operating officer of Sucuri Inc., which monitors websites and can remove malware.
February 2013, CNN Money
NBC hack infects visitors in ‘drive by’ cyberattack
The hack, which affected NBC.com and related sites for “Late Night with Jimmy Fallon” and “Jay Leno’s Garage,” infected visitors to the compromised sites with the Citadel Trojan.
February 2013, NBC News
NBC.com hacked, say security researchers
Tony Perez of Sucuri Blog independently confirmed the malware and added that exploits were found on other sites related to NBC.com, such as the site for Late Night with Jimmy Fallon. Until NBC or security researchers report otherwise, it’s best to avoid these sites for now.
February 2013, CNET
NBC Web site back up after hack attack
The hack caused Google to temporarly blacklist NBC.com, according to malware monitoring site Sucuri. The attack affected not only NBC’s main site but related sites, such as Late Night with Jimmy Fallon and Jay Leno’s Garage, Sucuri said in a blog post yesterday.
January 2013, CIO Magazine
Web Server Hackers Install Rogue Apache Modules and SSH Backdoors, Researchers Say
In many cases investigated by Sucuri, the server administrator had removed the rogue Apache module and changed his password, but the infection re-appeared a few days later, Cid said.
October 2012, CIO Magazine
Unprotected Apache server status pages put popular websites at risk
Sucuri researchers ran a test that involved crawling over 10 million websites and found hundreds of them that expose their server status pages to the whole world. The list of affected websites includes php.net, metacafe.com, disney.go.com, staples.com, nba.com, cisco.com, ford.com, apache.org and many others. Some of them have fixed the problem since Sucuri’s report, but many haven’t.
July 2012 – CNN
Yahoo password hack draws frustration, jokes
CNN Tech is not linking to the hackers’ Web page. But security firm Sucuri Labs has created a page with a tool it says will tell users whether their e-mail address was leaked.
July 2012 – NYTimes Bits
Yahoo Breach Extends Beyond Yahoo to Gmail, Hotmail, AOL Users
Sucuri, a company that checks for malware, set up a Web site, labs.sucuri.net/?yahooleak, that lets concerned users check if their account details were compromised in the breach.
July 2012 – USA Today
Give Your Passwords a Security Check-up
You can see if your account was among those compromised by checking your e-mail address at a page set by Sucuri Malware Labs, a Menifee, Calif., security vendor: http://labs.sucuri.net/?yahooleak.
Security firm Sucuri said that more than 100,000 Gmail addresses were included in the breach. The same firm created a script based on the leak that allows users to see if their account or password was among the ones leaked. You can go to http://labs.sucuri.net/?yahooleak and see if yours was one of them.
July 2012 – Huffington Post
Yahoo Password Check: Has Your Email Account Been Compromised?
So how can you tell if you’re among the hacked? Tech Crunch has pointed to the security source Sucuri, a web monitoring site, where users can verify whether they’re among the victims of the leak.
Click here to visit Sucuri and see if your own information was compromised.
July 2012 – Gizmodo
How to Check If Your Email Password Was One of 453,000 Leaked This Morning
Security company Sucuri has put together a tool to check if your email is included in the 400,000+. It also notes that you might want to check even if your account isn’t at Yahoo:
[Sucuri] notes that 135,599 emails came from yahoo.com; but that a further 106,185 came from gmail.com; 54,393 from hotmail.com; 24,677 from aol.com; 8,422 from comcast.net and 6,282 msn.com.
Meanwhile, Sucuri, the company that created the above script, also has started to analyst the breached list. It identified some of the most common domains in the hacking list, including the most common passwords, and further analysis on password length.
May 2012, CIO Magazine
PHP Patches Actively Exploited CGI Vulnerability
Security researchers from website integrity monitoring firm Sucuri Security also reported seeing successful CVE-2012-1823 exploitation attempts since the weekend that resulted in the targeted websites being compromised.
The attackers are first sending a malicious query that includes the “-s” php-cgi flag to test if the targeted websites are vulnerable and then installed a backdoor through a query with the “-d” flag, Sucuri’s chief technology officer, Daniel Cid…
Mar, 2012, CIO Magazine
WordPress Blogs Infected Distribute Rogue Antivirus
Sucuri researchers have also been tracking this scareware distribution campaign and found that a rogue WordPress plug-in called ToolsPack has been installed on many of the compromised blogs. The plug-in masquerades as a collection of WordPress administration tools, but in reality it contains a backdoor that attackers use to maintain their unauthorized access to the affected sites, Dede said.
Feb, 2012, PC World
How To Tell If A Link Is Safe Without Clicking On It
To scan the mysterious shortlinks you’ll often find on Twitter and Facebook, use Sucuri. Sucuri automatically expands the shortlink and draws upon a handful of services, such as Google, Norton SafeWeb, and PhishTank, to determine if the real link is safe.
Jun, 2011, Entrepreneur.com
How to Fend Off a New Kind of Cyber Attack
Smola recommends using a service like Sucuri Web Integrity Monitoring, which lets you know if malware is found on your website.
Dec, 2010, TechCrunch
Hackers Embed Spam Into Google Search Listings For Unsuspecting Sites
A security scanning company called Sucuri.net has made us aware of a new exploit that adds a unique module to many Apache web servers that will, under the right circumstances, return spam links to Google and certain browsers. This is, in short, one of the first targeted spam systems I’ve seen in the wild…
Dec, 2010, Blogging Tips
Sucuri – An Alarm and Recovery System for Your Website
Has your WordPress blog ever been hacked? Did the culprit somehow add a whole bunch of malicious content to your blog that you had no clue how to get rid of? It has happened to me and I’m sure it has happened to some of you as well. Next time you’re in a stressful situation like this, let Sucuri come to the rescue! If you’ve been a victim of blog hacking and malware or are just looking for some ongoing protection and monitoring for your site, they can help.
Nov, 2010, The NextWeb
Try This: Sucuri. Virus, Malware and DNS protection for your website
The idea is that Sucuri is somewhat like a malware scanner for your website. However, it also provides real-time monitoring of changes to your DNS, Whois and SSL settings. Considering the number of sites that we see which get DNS hijacked or otherwise taken over, this is becoming an important tool to have in your arsenal.
April, 2010, SC Magazine
WordPress Users Report Hacked Blogs
Sucuri recommended affected users “revert your siteurl back to the previous value. Log in to your control panel, go to ‘manage database,’ and edit the siteurl value on ‘wp-option table.’”.