Denis Sinegubko
Works at Unmask Parasites
Basic Information
Gender
Male
Work
Occupation
security researcher
Employment
  • Unmask Parasites
    Founder, 2008 - present
  • Sucuri, Inc.
    security researcher, 2013 - present
Stream

Denis Sinegubko

Shared publicly  - 
 
Good explanation about why disallowing /wp-admin in robots.txt may not be a good idea
 
With all the back & forth on robots.txt, I ran across +Joost de Valk's post from earlier this year about his robots.txt file. It's pretty empty, read his post to find out why. Good stuff! 

https://yoast.com/wordpress-robots-txt-example/

Denis Sinegubko

Shared publicly  - 
 
My new post on the +Sucuri Inc. blog:

In June we reported that SweetCaptcha injected third-party ad code to their scripts which led to malvertising problems on the sites that used this CAPTCHA service. After that incident, the SweetCaptcha WordPress plugin had been removed from the official plugin repository.

To our surprise, we noticed SweetCaptcha in the WordPress repository on July 22, 2015. To even greater surprise, the plugin page URL was "https://wordpress.org/plugins/jumpple/".

You can find the rest of this almost detective story here: https://blog.sucuri.net/2015/07/sweetcaptcha-returns-hijacking-another-plugin.html
Yesterday we observed a strange short return of the SweetCaptcha plugin to WordPress.org repository.

Denis Sinegubko

Shared publicly  - 
 
 
WP-CLI is an efficient way to manage your WordPress installation using a command line interface. This is the first part in a series on WP-CLI for secure WordPress management. This post includes the basics of getting connected. http://hubs.ly/y0-s6r0
Do you use the WordPress dashboard to update plugins and themes? How do you back up your database? If you have not used it yet, WP-CLI is an efficient way to manage your WordPress installation using a command line interface, meaning you type text commands like these two: "wp core update" and "wp plugin update-all". You...

Denis Sinegubko

Shared publicly  - 
 
 
Search Console users—we want your feedback!

Tell us if you'd find it useful to combine different sites in Search Console here → http://goo.gl/forms/t6xaybJkh3
Combining sites in Search Console
We want to know if you'd find it useful to combine different sites in Search Console. For example, to view a combined Search Analytics report that includes different URL versions of your site (http and https) and different subdomains (mobile and international subdomains).

Denis Sinegubko

Shared publicly  - 
 
 
Wearable fitness trackers tested for data leakage and poor security

https://grahamcluley.com/2015/06/wearable-fitness-trackers-test/
Nine different wearable fitness trackers have been put under the microscope, in order to explore how well they are protecting users' data. And it's not all good news...

Denis Sinegubko

Shared publicly  - 
 
 
#NoHacked is back with more specific and advanced information.
We noticed a 180% increase in the number of sites getting hacked this past year. In these next few weeks, we'll help you learn to protect your content on the web through:
• hacking insights on our blog every Monday
• actionable tips on our social channels every Wednesday
• a security-themed Hangout on Air: https://goo.gl/U8htqZ

Check out our 1st #NoHacked blog post on password security, software security and helpful tools → http://goo.gl/979BBB

Denis Sinegubko

Shared publicly  - 
 
WordPress update time.

4.2.3 is a critical security release
WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.2.2 and earlier are affec...

Denis Sinegubko

Shared publicly  - 
 
Despite the name and claims on their sites, some online services have a shady reputation.

https://blog.sucuri.net/2015/07/webutation-distributing-malware-through-safety-badge.html
If you are using the Webutation badge on your site, remove it now. It appears they got hacked and are distributing malware to mobile devices through redirects hidden within the badge’s code. We were analyzing a website that was compromised and redirecting visitors to bogus apps on the Apple App Store and the Google Play...

Denis Sinegubko

Shared publicly  - 
 
 
"Each of the cores is made for a different OS and, together, they comprise a multi-platform malware that works on Windows, Windows Phone, Windows Mobile, Mac OSX, iOS, Linux, Android, BlackBerry OS, and Symbian. In this blog, I’ll cover the core-win32 repository, but you can assume that the functionality in the Windows agent is present on every other platform."
Security researchers the world over have been digging through the massive HackingTeam dump for the past five days, and what we’ve found has been surprising. I’ve heard this situation called many th...

Denis Sinegubko

Shared publicly  - 
 
Brian Krebs shares his experience living a month without Flash.
http://krebsonsecurity.com/2015/06/a-month-without-adobe-flash-player/

In the post, you'll find information on why you might want to disable Flash too, how to do it, as well as some intermediary solutions such as NoScript, Play-To-Click, virtual machines, etc.

Denis Sinegubko

Shared publicly  - 
 
Think where you store your backups!
 
Keep your website backups in a secure location because websites can get hacked via backups http://hubs.ly/y0WMGb0
The past few months we've been spending a good deal of time talking about backups. This is for good reason, they are often your safety net when things go wrong; interestingly enough though, they are often the forgotten pillar of security. It's why we spent some time thinking through what a good ...