Our Story

Sucuri In the Media

Check out various posts and articles interviewing the the team, or referencing Sucuri Security, our services, and tools.

As seen on TechCrunch, CNN, USA Today, CSO Online, CIO Magazine, PC World, SC Magazine, TechCrunch, TheNextWeb, BloggingTips and many others.

ZDNet LogoJuly 2014, ZDNet
Sucuri has discovered critical WordPress plugin vulnerabilities affecting nearly 20 million downloads.

Since May, security company Sucuri has found serious security holes in WordPress plugins WPTouch (5,670,626 downloads), Disqus (1,400,003 downloads), All In One SEO Pack (19,152,355 downloads), and MailPoet Newsletters (1,894,474 downloads).

LA TimesApril 2014, LA Times
Heartbleed: Most of the Web’s top sites now immune to bug, firm says

Cyber security firm Sucuri Inc. said it scanned the top websites as ranked by Alexa Internet, a company that collects Web traffic data, to test how many of them remain vulnerable to Heartbleed, a bug that was recently discovered.

Recode.netApril 2014, re/code
The Heartbleed Bug Is Mostly Fixed, but Not Entirely

The folks at the Internet security firm Sucuri have done a systematic scan of the top million sites on the Internet as determined by Amazon’s Alexa, and according to its findings, as related in a blog post Thursday by its CTO Daniel Cid, there’s mostly good news, but some bad.

CNETMarch 2014, CNET
DDoS attack is launched from 162,000 WordPress sites

Security firm Sucuri said hackers leveraged a well-known flaw in WordPress that allows an attack to be amplified by harnessing unsuspecting Web sites. It’s unclear which site was the victim of the cyberattack, but Sucuri said it was a “popular WordPress site” that went down for many hours.

Ars TechnicaMarch 2014, Ars Technica
Attackers trick 162,000 WordPress sites into launching DDoS attack

Our friends over at Sucuri posted an interesting blog regarding a Distributed Denial of Service attack (DDoS) where 162,000 WordPress sites were enlisted to attack a single website.

Umbrella Security LabsMarch 2014, Umbrella Security Labs
WordPress DDoS Visibility From OpenDNS

“Can you see how powerful it can be?” Sucuri CTO Daniel Cid wrote in a blog post published Monday. “One attacker can use thousands of popular and clean WordPress sites to perform their DDoS attack, while being hidden in the shadows, and that all happens with a simple ping back request to the XML-RPC file.”

EntrepreneurFebruary 2014, Entrepreneur Magazine
Sucuri ranked top 25 .net website by Entrepreneur Magazine!

Entrepreneur and Verisign came together to assemble the ranking, which is based on quantitative factors and the feedback from Entrepreneur’s audience of sophisticated, successful business owners.

Jul 2013, CSO Online
Attackers embedding backdoors into image files

Researchers at Sucuri, a firm focused on website security awareness and attack recovery, have discovered attackers using a known, but a rather uncommon method of maintaining access to an already compromised server: They’re hiding backdoors inside the headers of legitimate image files.

May 2013 – USA Today
Über stealthy malware infects Apache webservers

ESET and Sucuri teamed up to analyze the coding of bad guys who’ve begun using AVT malware, dubbed Linux/Cdorked.A, to seed infections onto hundreds of legit websites that rely on Apache webservers.

BloombergFebruary 2013, Bloomberg
NBC.Com Back Online After Hackers Knocks Out Service

Hackers infected with Citadel Trojan, a data- stealing malware that can spread to the machines of visitors, according to Tony Perez, chief operating officer of Sucuri Inc., which monitors websites and can remove malware.

CNN MoneyFebruary 2013, CNN Money
NBC hack infects visitors in ‘drive by’ cyberattack

The hack, which affected and related sites for “Late Night with Jimmy Fallon” and “Jay Leno’s Garage,” infected visitors to the compromised sites with the Citadel Trojan.

NBC NewsFebruary 2013, NBC News hacked, say security researchers

Tony Perez of Sucuri Blog independently confirmed the malware and added that exploits were found on other sites related to, such as the site for Late Night with Jimmy Fallon. Until NBC or security researchers report otherwise, it’s best to avoid these sites for now.

CNETFebruary 2013, CNET
NBC Web site back up after hack attack

The hack caused Google to temporarly blacklist, according to malware monitoring site Sucuri. The attack affected not only NBC’s main site but related sites, such as Late Night with Jimmy Fallon and Jay Leno’s Garage, Sucuri said in a blog post yesterday.

January 2013, CIO Magazine
Web Server Hackers Install Rogue Apache Modules and SSH Backdoors, Researchers Say

In many cases investigated by Sucuri, the server administrator had removed the rogue Apache module and changed his password, but the infection re-appeared a few days later, Cid said.

MacVoices TVJanuary 2013, NMX BlogWorld

Sucuri Co-Founder Dre Armeda interviewed by Chuck Joiner

October 2012, CIO Magazine
Unprotected Apache server status pages put popular websites at risk

Sucuri researchers ran a test that involved crawling over 10 million websites and found hundreds of them that expose their server status pages to the whole world. The list of affected websites includes,,,,,,, and many others. Some of them have fixed the problem since Sucuri’s report, but many haven’t.

CNN July 2012 – CNN
Yahoo password hack draws frustration, jokes

CNN Tech is not linking to the hackers’ Web page. But security firm Sucuri Labs has created a page with a tool it says will tell users whether their e-mail address was leaked.

NYTimes July 2012 – NYTimes Bits
Yahoo Breach Extends Beyond Yahoo to Gmail, Hotmail, AOL Users

Sucuri, a company that checks for malware, set up a Web site,, that lets concerned users check if their account details were compromised in the breach.

July 2012 – USA Today
Give Your Passwords a Security Check-up

You can see if your account was among those compromised by checking your e-mail address at a page set by Sucuri Malware Labs, a Menifee, Calif., security vendor:

ABC News July 2012 – ABC News

Yahoo Password Breach Includes Gmail, Hotmail and AOL Users

Security firm Sucuri said that more than 100,000 Gmail addresses were included in the breach. The same firm created a script based on the leak that allows users to see if their account or password was among the ones leaked. You can go to and see if yours was one of them.

Huffington Post July 2012 – Huffington Post
Yahoo Password Check: Has Your Email Account Been Compromised?

So how can you tell if you’re among the hacked? Tech Crunch has pointed to the security source Sucuri, a web monitoring site, where users can verify whether they’re among the victims of the leak.

Click here to visit Sucuri and see if your own information was compromised.

Gizmodo July 2012 – Gizmodo
How to Check If Your Email Password Was One of 453,000 Leaked This Morning


Security company Sucuri has put together a tool to check if your email is included in the 400,000+. It also notes that you might want to check even if your account isn’t at Yahoo:

[Sucuri] notes that 135,599 emails came from; but that a further 106,185 came from; 54,393 from; 24,677 from; 8,422 from and 6,282

July 2012, TechCrunch
Yahoo Confirms Apologizes for The Email Hack Says Still Fixing Plus Check If You Were Impacted Non-Yahoo Accounts Apply

Meanwhile, Sucuri, the company that created the above script, also has started to analyst the breached list. It identified some of the most common domains in the hacking list, including the most common passwords, and further analysis on password length.

May 2012, CIO Magazine
PHP Patches Actively Exploited CGI Vulnerability

Security researchers from website integrity monitoring firm Sucuri Security also reported seeing successful CVE-2012-1823 exploitation attempts since the weekend that resulted in the targeted websites being compromised.

The attackers are first sending a malicious query that includes the “-s” php-cgi flag to test if the targeted websites are vulnerable and then installed a backdoor through a query with the “-d” flag, Sucuri’s chief technology officer, Daniel Cid…

Mar, 2012, CIO Magazine
WordPress Blogs Infected Distribute Rogue Antivirus

Sucuri researchers have also been tracking this scareware distribution campaign and found that a rogue WordPress plug-in called ToolsPack has been installed on many of the compromised blogs. The plug-in masquerades as a collection of WordPress administration tools, but in reality it contains a backdoor that attackers use to maintain their unauthorized access to the affected sites, Dede said.

PCWorldFeb, 2012, PC World
How To Tell If A Link Is Safe Without Clicking On It

To scan the mysterious shortlinks you’ll often find on Twitter and Facebook, use Sucuri. Sucuri automatically expands the shortlink and draws upon a handful of services, such as Google, Norton SafeWeb, and PhishTank, to determine if the real link is safe.

Jun, 2011,
How to Fend Off a New Kind of Cyber Attack

Smola recommends using a service like Sucuri Web Integrity Monitoring, which lets you know if malware is found on your website.

Dec, 2010, TechCrunch
Hackers Embed Spam Into Google Search Listings For Unsuspecting Sites

A security scanning company called has made us aware of a new exploit that adds a unique module to many Apache web servers that will, under the right circumstances, return spam links to Google and certain browsers. This is, in short, one of the first targeted spam systems I’ve seen in the wild…

Dec, 2010, Blogging Tips
Sucuri – An Alarm and Recovery System for Your Website

Has your WordPress blog ever been hacked? Did the culprit somehow add a whole bunch of malicious content to your blog that you had no clue how to get rid of? It has happened to me and I’m sure it has happened to some of you as well. Next time you’re in a stressful situation like this, let Sucuri come to the rescue! If you’ve been a victim of blog hacking and malware or are just looking for some ongoing protection and monitoring for your site, they can help.

Nov, 2010, The NextWeb
Try This: Sucuri. Virus, Malware and DNS protection for your website

The idea is that Sucuri is somewhat like a malware scanner for your website. However, it also provides real-time monitoring of changes to your DNS, Whois and SSL settings. Considering the number of sites that we see which get DNS hijacked or otherwise taken over, this is becoming an important tool to have in your arsenal.

SC MagazineApril, 2010, SC Magazine
WordPress Users Report Hacked Blogs

Sucuri recommended affected users “revert your siteurl back to the previous value. Log in to your control panel, go to ‘manage database,’ and edit the siteurl value on ‘wp-option table.’”.