Month: January 2018

cyberattacks 2018

What Website Owners Need to Know About Cyberattacks In 2018

Imagine if one in every 15 websites you visited was secretly taken over by cybercriminals trying to steal your credit card information or other personal data. Now imagine if that website was your website, and you had no idea it was harming your visitors. This is the reality for many website owners, and now more than ever, they  need to be on alert for cyberattacks in 2018.

In Q3 2017, SiteLock discovered alarming cybercrime trends that will likely affect websites for months to come. The most worrying trend for website owners: cybercriminals are increasingly using malware, or software that is used for malicious purposes, to take advantage of website visitors. In fact, nearly 15 percent of malware attacks targeted website visitors with the goal of exploiting them for sensitive data, website traffic, and other assets or resources. That’s not all: cybercriminals attempted to compromise more websites in Q3 2017 than in the previous quarter, increasing their attempted attacks by 16 percent

Read More

Web Application Security

Alert: Joomla! 3.8.4 Released Today With Important Security Updates

The Joomla! team has been hard at work today releasing version 3.8.4, which contains multiple security updates and bug fixes. Specifically, four major security vulnerabilities were found in Joomla! core files. These vulnerabilities impact all Joomla!  versions from 1.5 to 3.7. Three of the four vulnerabilities identified were cross site scripting (XSS) vulnerabilities found in modules and components within the core application. These vulnerabilities could potentially allow attackers to inject malicious code into otherwise legitimate website files. The fourth vulnerability, a  SQL injection (SQLi) vulnerability, was identified in the post-install message and could have allowed attackers to inject malicious code into the Joomla! MySQL database.  

Read More

email security

Decoding Security 111: Email Security Mistakes

Looking for a date in time for Valentine’s Day? If you’re using Tinder, be careful when swiping right. Cybersecurity researchers discovered security flaws in the popular dating app that could allow hackers to discover users’ private data and personal preferences, like the photos of users they’ve swiped right or left on. In other cybersecurity news, a cybercrime “conglomerate” named Zirconium has been found responsible for the largest malvertising operation of 2017. Using a network of 28 fake ad agencies, Zirconium strategically placed ads that led users to malicious websites pushing scams or fake software updates. The campaigns were so successful – and so sneaky – that they generated 1 billion ad views in 2017.

Read More

sitelock website security insider q3 2017

Nancy and the Terrible Tale of Malware

Nancy is a small business owner who runs an ecommerce store selling women’s clothing. She knows there’s a lot of competition out there, so she works hard to make her customers happy. She’s found that one of the best ways to attract new customers and keep them coming back is by creating a feature-rich, user-friendly website that visitors love to use. Nancy’s website provides an easy shopping experience for her customers thanks to the features included with ecommerce plugins like Magento and WooCommerce. It also includes linked social media accounts, videos, pages of merchandise, and more!

One day, Nancy woke up to an inbox full of emails from frustrated customers. Something was wrong with her website! 

Read More

SMB Owner Gets Her Website Back In Shape [Case Study]

Company Background

Dawn H. spent 30 plus years working in the IT industry before deciding to make a career change. Having recently lost 120lbs in 14 months, she developed a personal connection with a women’s shapewear brand and decided to purchase the company in November 2016.

As any small business can attest to, a website is central to establishing their brand. It not only acts as the face of the business but is also the primary point of contact for customers and a profitable asset. Ninety percent of all Dawn’s business is conducted online through an e-commerce WordPress site. The site is also optimized for mobile use and provides an easy checkout experience. This makes it essential that her website is running safely and securely at all times.

Challenges

Not long after purchasing the women’s shapewear brand, Dawn was slated to attend and exhibit at one of their biggest retail trade shows of the year on the West Coast just before the holiday shopping season. Attending this show was vital to driving brand awareness as well as traffic to her website, which would generate sales. About 12 hours before Dawn and her team were supposed to leave for the event, she received an email from Google saying her website had been hacked. Upon doing her own Google search she discovered that listed under her website name, in big red letters, were the words “THIS WEBSITE MAY BE HACKED.” After further investigation, it was determined that her website had most likely been Google blacklisted for several days before Dawn was even aware. Now in panic mode, Dawn immediately contacted her hosting provider who immediately put her in touch with SiteLock.

Solution and Result

Thanks to the SiteLock customer service team which operates 24/7/365, Dawn was able to get in touch with a SiteLock security consultant mere hours before her show. SiteLock quickly diagnosed the problem and explained that her e-commerce website had experienced multiple hacks in the form of email spam, URL’s referencing spam, and malware. These were security issues that, if left unattended, could have put customer data at risk. SiteLock told Dawn not to worry, and assured her that they would have the issues resolved within four to six hours. Although overwhelmed by the unexpected circumstances, Dawn was grateful for the personal attention and quality support she received from the SiteLock team.

“SiteLock took the time to explain to me exactly what was wrong with my website and helped recommend the right security solution to prevent my site from being hacked again.”

Dawn was relieved to wake up the next morning and see that her website was up and running, no longer blacklisted. Unfortunately, the very next day, her site was once again suspended. This time, Dawn’s hosting provider had found additional spam and malware in old backup files and folders that SiteLock did not have initial access to. Dawn immediately contacted SiteLock, who set up a conference call with the hosting company to help resolve the issue. Dawn explained, “I was so impressed because SiteLock worked directly with my hosting provider to ensure all issues were taken care of and that my website was back up and running smoothly before we hung up the call.”

As a small business owner without an IT department, it could have cost Dawn thousands of dollars to get her website back up, not to mention the potential for lost sales. Together, SiteLock and Dawn were able develop the right security solution for her website utilizing SiteLock TrueShield: Enterprise and SiteLock INFINITY. By taking a proactive approach to website security, Dawn has confidence knowing her website is protected and can focus on growing her business.

Since partnering with SiteLock, Dawn is much more aware of how easily hackers can target and successfully penetrate a website. Dawn recounted, “I never really thought this could happen to me. I assumed my hosting provider was securing my website. It was a tough lesson to learn that website security is actually my responsibility, but one that allows me to now educate others so it doesn’t happen to them.”

Today, Dawn has peace of mind that her site is secured with SiteLock, and her business can continue to run smoothly.  Dawn especially loves the detailed report she receives that shows her just how many attacks continue to be blocked each week.

She is also amazed at the exceptional customer service SiteLock provides. “Every single day my account manager calls me to provide an update on my site. He just calls and says, “Hi Dawn.  I have just started my shift and checked the reports on your site and everything is running smooth.” I mean, how many people do that? Maybe a few. How many do that every day? No one!” Dawn said.

Advice for other Small Business Owners

Dawn also has some advice for other small business owners in hopes of preventing them from having to go through the same ordeal that she did.

“My advice to small businesses is simple and straight forward.  You need to create a security plan and be proactive in securing your website. Don’t think it won’t happen to you.”


We offer a suite of comprehensive and affordable website security solutions to ensure that your website stays free of malware. For more SiteLock case studies, visit www.sitelock.com/reviews. You can also read a brutally honest review of SiteLock on WPBuffs.com.

Breaking: WordPress Releases Security and Maintenance Update

On January 16, 2017 WordPress released version 4.9.2, which included several security updates, as well as bug fixes for all versions after WordPress 3.7. WordPress has reported that a cross-site scripting (XSS) vulnerability was found in a group of files used to play Flash videos, which was included with all WordPress versions after 3.7. However, because most browsers no longer require these files to play video content, upgrading to version 4.9.2 removes these files. Due to the nature of XSS vulnerabilities, it is highly recommended that WordPress users update their websites immediately to avoid possible compromise.

WordPress notes the following bug fixes and features in particular:

  • Browser issues specific to Mozilla Firefox that prevented saving posts have been corrected.
  • Widget settings will be restored when switching themes in the application settings.

SMART PLUS, SiteLock INFINITY, and Patchman users are protected from this security issue, as SMART/PATCH and the Patchman libraries have been updated with secure patches that protect plugins and themes reliant on their current versions. It is still advised that website owners plan full version upgrades as soon as possible to take advantage of the new features and full list of bug fixes in WordPress version 4.9.2.

For more information about how SiteLock can help protect your websites from vulnerabilities and malware, contact us at 855.378.6200. We are available 24/7/365 to help!

sitelock podcast principle of least privilege

Decoding Security 110: It’s A Matter of Trust

We’re just days into 2018 and cybersecurity already has its first major headline of the year: Meltdown and Spectre. By exploiting common features found in modern microprocessors, cybercriminals have been able to use the attacks known as “Meltdown” and “Spectre” to steal sensitive information from any computer, device, and even the cloud. We’ll walk you through how and why Meltdown and Spectre happened, and which security patches are already available.

We’ll also provide an overview of the principle of least privilege, the concept of restricting user permissions as a preemptive security measure. Join our hosts, security analysts Jessica Ortega and Ramuel Gall, as they provide important tips that everyone, from parents to CTOs, can use to protect themselves from the cybersecurity risks caused by human error.

Want to learn more about how both businesses and individuals can improve their cybersecurity savvy? Check out our past podcasts on endpoint and website security or social media security. For more Decoding Security, subscribe on YouTube, iTunes, or Google Play!

check website for malware

How To Check Your Website For Malware

As cybercrime grows and evolves, malware remains a constant weapon in a cybercriminal’s armory. Malware, short for malicious software, is created with the intent of causing harm to a website or computer. Website malware can be used to steal sensitive customer information, hold websites for ransom, or even take control of the website itself. In many cases, victims of malware may not realize they’ve been attacked until it’s too late.

Over one million new malware threats are released daily, so knowing what you can do to check for and combat malware is essential for all website owners. To protect your website, it is critical to take matters into your own hands and become proactive about website security. There are two primary ways to do this; the first is by learning to check for signs of malware manually. The second, and most effective, way to protect against malware is by using a website scanner that detects malicious content and automatically removes it. Follow these steps to check your website for malware, starting by recognizing the common symptoms of malware.

Read More

startup small business website

4 Steps to Securing Your Startup Website

As a startup, your website is critical to your success: it’s the face of your business and likely your primary channel for revenue and lead generation. However, your website and your business are put at risk every day by an unseen threat: cyberattacks.

The average website experiences 59 attacks every day, any of which could result in stolen customer data, blacklisting by search engines, or suspension by your web host. A successful attack on your site could also impact revenue, tarnish your reputation, and degrade customer loyalty. To protect against a possible cyberattack and mitigate the consequences it could have on your business, you’ll need to invest in website security.

Read More

sitelock podcast

Decoding Security 109: New Year’s Resolutions

If your New Year’s resolution is to protect yourself from cyberattacks, you’re in luck! This week on Decoding Security, security analysts Jessica Ortega and Ramuel Gall share their predictions for the top cybercrime trends in 2018. Our hosts also identify ways you can arm yourself against these ever-evolving threats. We don’t want to give away their predictions, but we’ll give you a hint: if your holiday gifts included a digital assistant like Amazon Alexa or Google Home, be sure to tune in!

We’ll also catch you up on the latest cybersecurity news, including the 25 Worst Passwords of 2017 and a leaky server that exposed 300,000 email addresses and login credentials from Ancestry.com.

Happy New Year from SiteLock and Decoding Security! Our New Year’s resolution is to continue to bring you a fun and informative podcast, so make sure you keep up by subscribing on YouTube,  iTunes, or Google Play!

Powered by WordPress & Theme by Anders Norén