Month: September 2017

SiteLock

SiteLock INFINITY Wins 2017 Cloud Computing Excellence Award

We are excited to announce that SiteLock®INFINITY™ was recently recognized as a winner of the 2017 Cloud Computing Excellence Awards by TMC’s Cloud Computing Magazine. The Cloud Computing Excellence Awards recognize companies and products that most effectively deliver network security through cloud platforms and provide security for cloud based applications.

INFINITY is a state of the art malware and vulnerability remediation service featuring unique, patent-pending technology. INFINITY combines deep website scanning and automatic malware removal with unrivaled accuracy and frequency. Designed to scan a website from the end-user’s point of view, it catches any trace of malware before the user does.

Websites experience 22 attacks per day on average. That’s more than 8,000 attacks per year, per website, according to recent SiteLock data. SiteLock INFINITY provides always-on, continuous scanning to detect vulnerabilities and automatically remove malware the moment it hits. Once the initial site scan is complete, it scans again to ensure constant surveillance and protection with the highest degree of reliability.

Since 2008, we’ve remained dedicated to “protecting every website on the internet,” and SiteLock INFINITY helps us deliver on this mission.

Thank you to TMC’s Cloud Computing Magazine for honoring SiteLock INFINITY with a 2017 Cloud Computing Excellence Award!

 

How SiteLock Saved a Whale Watchers Website [Case Study]

Company Overview

Hyannis Whale Watcher Cruises is dedicated to providing ‘Cape Cod’s Finest Whale Watching!’ Established in 1989, the company brings more than thirty years of experience to whale watching, with an impressive sighting rate of 99 percent. As the company’s popularity grew, its website was forced to expand from an initial online brochure to a comprehensive resource including whale watching information, trip scheduling and online ticket purchasing. These changes also greatly increased customer reach both nationally and internationally.

Read More

SiteLock Podcast Equihax

Decoding Security Episode 101: EQUIHAX

Nicknamed “Equihax,” the recent Equifax breach is one of the largest data leaks in history, affecting millions of people. There has been a lot of discussion about proper incident response, and whether Equifax is following acceptable procedures.

In the debut episode of Decoding Security, SiteLock Website Security research Analysts Jessica Ortega and Michael Veenstra go beyond the cause of the breach to discuss what consumers can do to protect themselves now. And, even more importantly, what consumers can do to protect themselves going forward.

Listen to Decoding Security Episode 101: EQUIHAX

If you enjoyed this week’s episode, visit Decoding Security on your preferred podcasting service to leave a review and subscribe so that you don’t miss future episodes!

Malware

Apache Struts Vulnerability Found and Patched

A vulnerability was recently discovered in Apache Struts, a popular framework for web-based Java applications, which allows for remote code execution on affected servers and allows for complete control of the application. The framework is commonly used by large, sophisticated organizations such as Lockheed Martin and Citigroup, meaning the vulnerability could affect up to 65% of Fortune 100 companies, resulting in large scale data breaches and private consumer data theft.

Found by lgtm.com security researcher Man Yue Mo, the vulnerability stems from unsafe deserialization of user supplied data to the REST plugin, which allows API access to the Java application. Researchers contacted the Apache Foundation directly, allowing the plugin developers to patch the issue before widespread exploitation. As of this writing, at least one live exploit has been seen in the wild, and a Metasploit module was released.

Apache Struts joins a growing fraternity of widely used applications to see an API vulnerability this year, including WordPress and Instagram. WordPress shared a similar experience where the exploit was discovered before widespread attacks, but many users failed to update and suffered compromise and data loss. The Struts vulnerability is more complicated to exploit which should result in a less dramatic rise in attacks. Regardless, patches should be applied as soon as possible, as a proactive security stance is more effective.

Apache Struts users are urged to upgrade to version 2.3.34 or 2.5.13 respectively, and additional information is provided by Apache on the official struts webpage at: https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.34 and   https://struts.apache.org/announce.html#a20170905.

More sophisticated exploits are likely to occur as this vulnerability is examined. The best option for mitigation is to patch Struts as soon as possible to the recommended versions and regularly check for updates. Website owners should also consider adding a web application firewall and malware scanner to mitigate or reduce the severity of compromise.

SiteLock TrueShield customers are already protected against this exploit. Attempted attacks will be caught and blocked by the TrueShield WAF. If your website isn’t protected, call SiteLock at 888.878.2417 to get TrueShield installed today.

Powered by WordPress & Theme by Anders Norén