Denis Sinegubko
Works at Unmask Parasites
Work
Occupation
security researcher
Employment
  • Unmask Parasites
    Founder, 2008 - present
  • Sucuri, Inc.
    security researcher, 2013 - present
Stream

Denis Sinegubko

Shared publicly  - 
 
My post on the +Sucuri Inc. blog.

When checking your files for malware you can't totally rely on scanning for particular patterns or searching for weird code that stands out from the rest. It's quite easy to write malicious code that looks natural and benign.

In such cases, integrity control is your friend.
We recently wrote about backdoors in pirated commercial WordPress plugins. This time it will be a short post about an interesting backdoor we found in a Joomla
 
 
We're expanding Google's security services for Android with the ability to continually protect you from harmful apps: http://goo.gl/c2HgHz

Denis Sinegubko

commented on a post on Blogger.
Shared publicly  - 
 
In the prevention part I would add the following:
1. Choose strong passwords for CMS (WordPress, Joomla, whatever) and preferably rename the user with admin permissions.
2. Don't install third-party software/themes/plugins/etc. from unreliable sources (very often they contain backdoors or undisclosed ads).
3. Stick to the bare minimum when installing third-party software. Even 100% legitimate scripts may have known and yet unknown security holes. If you don't use some software, delete it completely from the server. Even in a deactivated state it can be abused.
4. If you access your site from an infected computer, malware on your computer may eventually get access to your server too. So protect your local computer from infections.
 
Make sure to check comments - they are quite insightful.
http://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html#disqus_thread

Some plugin developers share their stories there.
 
My new post on the +Sucuri Inc. blog. It's about malware added to most of the premium plugins that various shady sites redistribute for "free".

In the article, you'll find several examples of backdoors and unwanted ad scripts that can be found there.

Please think about what you install on your server. Software from unreliable sources may cause lots of trouble.

http://blog.sucuri.net/2014/03/unmasking-free-premium-wordpress-plugins.html
WordPress has a large repository of free plugins (currently 30,000+) that can add almost any functionality to your blog. However, there is still a market for pr

Denis Sinegubko

Shared publicly  - 
 
Have a vBulletin forum on your site? Time to upgrade.

... A security issue has been found that affects all versions of vBulletin including 3.x, 4.x and 5.x ...

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4024547-security-exploit-patched-in-versions-3-5-3-6-3-7-3-8-4-x-5-x-of-vbulletin
 
This is really serious. "Jetpack is one of the most widely used plugins in the WordPress world".

... During an internal security audit, we found a bug that allows an attacker to bypass a site’s access controls and publish posts. This vulnerability could be combined with other attacks to escalate access. This bug has existed since Jetpack 1.9, released in October 2012 ...

Now that the vulnerability has been disclosed, it shouldn't take long before hackers begin to massively attack WordPress sites trying to exploit it.

If you use Jetpack, update it ASAP!!!
 
... winner takes all, including Google Webmaster Tools
Today Sucuri unofficially acquires Google Webmaster Tools. In an effort to combine forces of good, Sucuri officials challenged Google to a thumb wrestli

Denis Sinegubko

Shared publicly  - 
 
https://www.resetthenet.org/

... And by the way, a good list of apps and services that make spying on you difficult: Adium, Pidgin, OTR, TextSecure, LEAP, ChatSecure, SecureDrop, Tor, DuckDuckGo, Disconnect.Me, GPGtools.
 
Help support the campaign.

June 5th, 2014: we will Reset the Net and defend free expression from censorship and surveillance. We have the power to do it, but only if we do it together. Are you in?