The extent of the damage a malware attack can have on your website typically depends on a number of variables, not the least of which is your response time. The longer it takes to detect and remove malware, the more expensive the recovery process becomes. Unfortunately, many types of malware are deliberately designed to keep themselves concealed for as long as possible. Eventually, however, the symptoms of a malware-infected website can become hard to miss.
Modern malicious software — or malware for short — has reached unprecedented levels of sophistication, and as the attack landscape continues to evolve, new threats will undoubtedly emerge. Malware affecting websites poses a special danger to businesses. Even some of the world’s largest corporations have fallen victim to attacks.
Malware has infected roughly a third of the world’s computers, costing companies across the globe trillions of dollars each year. Yet in a recent report by Nationwide, only 13% of small business owners said they’d been targeted by a cyberattack, but when they saw specific examples of cybercrime — from phishing to ransomware — that number shot up to 58%. Malicious code isn’t confined to operating systems, either. Millions of websites across the internet also contain vulnerabilities that make them easy targets.
Don’t just pay attention to the man behind the curtain, tear the curtain down and burn it. That’s been the general sentiment among the InfoSec community on Twitter this past week in the wake of the discovery of multiple vulnerabilities intentionally built into the popular pipdig Power Pack (P3) plugin. I could easily write 3,000 words digging into the code, but that’s been covered incredibly well already by other researchers. Instead, I’m going to focus more on the effects of this situation, and on how we as a security-minded community can make a difference going forward.
The popular e-commerce CMS platform, Magento, announced multiple security updates to their commerce and open source versions on March 26, 2018. More than 250,000 active Magento installations are affected by this security flaw, including versions 2.1 prior to 2.1.17, 2.2 prior to 2.2.8, and 2.3 prior to 2.3.1.
SiteLock SMART PLUS just got smarter! Users now have the ability to select and resolve multiple suspicious WordPress comments, users, and posts from their on-demand database scan results. The ability to toggle back and forth between these results enhances the user experience, making it easier to select, save, and resolve multiple suspicious items found in the database scan. Previously, changes to the comments, users, and posts were processed one at a time. These updates make it even easier to clean malware at the database level and removing spam comments.
If cybercriminals were creating illegitimate websites to impersonate your brand and steal victims’ information—would you shut down those sites if you could?
That’s exactly what Microsoft did when it took control of 99 websites that Iranian hackers used to try to steal sensitive information from targeted victims, namely United States employees in the public and private sectors. According to Microsoft, the hackers “specifically directed” their attacks on government agencies in Washington.
SiteLock is hosting a free webinar on Core Concepts of WordPress Themes with WPShout co-owner David B. Hayes and you’re invited!
The live event is LIVE on April 4 at 12:00 p.m. CST. Click here to register!
Social Warfare announced via Twitter on March 21, 2019, a new version 3.5.3 was released due to a cross-site scripting (XSS) WordPress vulnerability that was discovered yesterday. The social sharing plugin allows users to share social media links in the form of buttons on their website and comments, making it easier for their readers’ to quickly access the websites’ social media pages.
This week a severe WordPress vulnerability was patched by the authors of Easy WP SMTP WordPress Plugin. Easy WP SMTP allows users to send outgoing emails through the SMTP server in an attempt to keep their emails from going directly to spam or junk mail. This vulnerability allows cybercriminals to gain unauthenticated access to sites using this plugin. With over 300,000 active installations, thousands of users are affected by this zero-day vulnerability in version 1.3.9.
