Last week, the U.S. Department of Justice released a report that revealed some weaknesses in Next Gen Cyber, the Federal Bureau of Investigation’s cyber security program begun in 2012. Next Gen Cyber originally had a budget of $314 million and a total of 1,333 full-time jobs (including 756 agents), while the DOJ also asked for an $86.6 million increase in funding for 2014 to support this Initiative. The FBI had in total 52 open positions of the 134 computer scientists it was authorized to employ under the Initiative.
Author: Lauren Papagalos
SiteLock announced today that its president, Neill Feather, has joined the board of the Online Trust Alliance (OTA), a leading non-profit organization dedicated to building online trust.
“SiteLock’s mission aligns perfectly with that of the OTA, so it is a pleasure for me to join its board and forward both our organizations’ goals,” noted Neill Feather, President of SiteLock. “SiteLock and the OTA are strong proponents of educating businesses and, collectively, we hope to share best practices and thwart the rising number of dangerous and malicious cybercriminal efforts.”
The Online Trust Alliance (OTA) recently released its 2015 Data Protection and Breach Readiness Guide for its seventh consecutive year. This guide helps provide businesses with prescriptive advice to help optimize data privacy and security practices to prevent, detect, contain and remediate the risk and impact of data loss incidents and breaches.
SiteLock website security announced a partnership with Web.com earlier today. Web.com will now offer SiteLock’s suite of website security products to customers who sign up for its hosting plans.
Hosting customers of Web.com, including Network Solutions and Register.com, will be offered options for bundled packages of SiteLock’s security services, which include daily website scanning and automatic malware removal along with the TrueShield™ web application firewall, which protects websites from malicious traffic and blocks harmful requests.
FREAK (Factoring Attack on RSA-EXPORT Key) is one of the latest web security threats to go public. It works by weakening users’ encrypted SSL and TLS connections, allowing a hacker to intercept and decipher data.
The threat affects mostly mobile device browsers, such as Apple’s Safari and Android device browsers, but it also affects older versions of OpenSSL including 1.0.2, 1.0.1, 1.0.0 and 0.9.8. For version 1.0.2 of OpenSSL, the vulnerability has been classified as “high” severity.
Remember the days when you could stop to make your morning coffee while waiting for a website to load? How about the times you wondered if your Internet was down because a picture took more than a few minutes to render? In the time it’s taken you to read this beautifully crafted intro, some websites will have lost precious traffic because their load time was over four seconds. Customers will wait — at most — 15 seconds, then leave your site and never come back. This may not seem like a big deal, but it has fiscal impacts on businesses of all sizes. Research by Kissmetrics revealed that even a one-second page delay could potentially cost businesses $2.5 million in sales every year.
With the shortest month of the year now in the books, it’s time to look at the top trending cybersecurity stories for March. Below are our picks for the top three security stories you should be reading this month:
The Latest FREAKy Web Security Bug
A new web security bug was discovered recently, leaving some Apple and Google device owners vulnerable to attack when visiting “secure” websites. It’s called FREAK (which stands for Factoring Attack on RSA-EXPORT Key), and works by weakening encrypted connections on SSL and TLS, which in turn allows an attacker to intercept and decipher the “secure” data.
Apparently the security flaw has been around for more than 10 years, but a fix is quickly on the way. Not to fear, SiteLock TrueShield customers are protected from this vulnerability. Learn more about FREAK here on PCMag.
Uber Finally Admits Data Breach
Almost a year later, on-demand taxi service Uber has announced that the personal information of over 50,000 of its drivers was stolen in May 2014. The cause? Apparently an unauthorized third party gained access to Uber’s database. The hack was patched back in September, and Uber has provided one year of free credit monitoring to affected drivers. Learn more about the cybersecurity breach here on The Drum.
The Rise and Fall of Superfish
Did you know that Superfish was once a promising and rapidly growing Silicon Valley startup? It ended up striking a deal with PC manufacturer Lenovo to have its software installed on Lenovo’s consumer PCs. Little did the public know, the Superfish software was logging the online movement of its users and hijacking online security systems, as revealed by a security researcher early this year.
The results were catastrophic, and Lenovo went into damage control mode. The company eventually released a Superfish uninstaller, but by then a lot of damage had been done. Unfortunately, you don’t always know what you are getting when it comes to free software (“freeware” as it’s been coined recently). You can check out more info on the story here.
Stay Out of the News
No one wants to be featured in a headline about the latest data breach. Explore the comprehensive, cloud-based security solutions offered by SiteLock.
Consider this scenario: You’re the VP of IT for an insurance company. It’s 4 a.m. and you receive a frantic phone call from your CEO, who informs you that sensitive client information (credit card numbers, SSNs) has been leaked. Completely stunned, you look for answers. Turns out someone injected a line of malicious script into your website source code… nearly two months ago.
A recent report from PandaLabs suggests that “there were twice as many malware infections in 2014 compared to 2013” and that 2015 could be even worse. Today’s attacks are becoming increasingly sophisticated, and a simple malware injection can compromise your entire database.
One of the most effective and efficient ways to prevent attacks is by employing a type of website scanner. Website scan tools run in the background and can immediately identify malware and vulnerabilities, but not all scanners are made equal. External malware scanners crawl each page of a site, much like a search engine, and look for malicious links or script. Internal malware scanners download a site’s source code and analyze each line, looking for the signatures of malicious code. Finally, penetration testing scanners manipulate URLs and forms to attempt to exploit weaknesses in code.
- Identify malware and receive notifications if issues are found, helping keep your information secured and your website from being blacklisted
- Automatic remediation of known threats
- Ensure network security by checking ports on your server to make sure only appropriate visitors gain access to your website
- Monitor FTP and file changes to provide you with full visibility of website changes
- Protect your database from SQL injections by probing your website for weaknesses
Companies should be cautious when making purchase decisions for a scanning product as poorly performed scans can negatively impact your site’s ability to conduct business. For instance, some scanners submit thousands of requests to web forms – such as contact forms – to probe for weaknesses. Similarly, poorly designed vulnerability tests can spam your inbox with testing emails and impact the performance of your website due to unnecessary load (similar to DDoS).
SiteLock INFINITY is a safe and efficient solution that provides well-designed and continuous scanning, including the only automatic detection and removal in the industry. For an added layer of security, the SiteLock TrueShield Web Application Firewall (WAF) prevents malicious traffic from even getting in. Active website scanning tools and a WAF will help mitigate cyber attacks and, more importantly, protect your customers’ valuable data. For more information on integrating these solutions into your existing website, call 855.378.6200.
If you accept credit card payments, you’re likely familiar with PCI compliance and what it entails. If you accept credit card payments, or are considering it, and are NOT familiar with PCI compliance, be sure to take accurate notes on the information that follows.
PCI DSS Overview
Created in 2004 by the five global payment brands — Visa, Mastercard, American Express, Discover and JCB — the Payment Card Industry Data Security Standard (PCI DSS) is a security compliance requirement for businesses that handle credit cards. It was created to protect customer and cardholder data from cyber attacks and fraud.
SEO (Search Engine Optimization) is the process of improving your website’s ranking among search engines like Google and Bing. Over the past few years, SEO has greatly evolved. Keywords and backlinks (other websites linking back to yours) used to have a huge impact on SEO rankings, but have since been taken over by new and improved algorithms such as Google’s Penguin and Hummingbird, which aim to decrease black-hat (negative) SEO techniques such as link spam.
With cyber attacks on the rise, search engines have been increasingly factoring spam injections, malware infections, and website speed into their SEO algorithms. Properly securing your website can provide a large boost to your SEO rankings. Below are 3 ways you can improve the SEO ranking of your website by securing it.
1. Moderate comment spam
Malicious links hosted on your website can negatively impact your SEO and, worst case, can flag your website as malware or spam, preventing users from accessing it.
One of the easiest ways for hackers to place malicious or irrelevant links on your site is through comments on your blog. These links damage your site’s authority and credibility, so managing them is critical. Fortunately, there are several things you can do to automate the moderation process of comments:
- If you’re using a Content Management System (CMS) like WordPress, look into one of their comment system plugins
- Enable CAPTCHAs when possible, as an extra layer of security
- Disable anonymous posting, and only allow registered users to post comments
- If you have an active moderator, require that comments be approved before they are posted on your website
- Enable a web application firewall (similar to our TrueShield WAF) which will block malicious bots from accessing your site to begin with
- If you’re still having trouble with comment spam, you should disallow hyperlinks in comments altogether
2. Regularly scan your website for malware
Oftentimes, malware and malicious links can be injected into the code of your website without notice, negatively affecting your SEO and potentially harming your visitors. Reversing the whole process is both difficult and time-consuming, since injected malware is usually hidden and made to look like regular code, and your hard-won SEO rankings may be lost in the meantime.
A website malware scanning tool can scan your code each day for malware (and suspected malware) and in some cases automatically remove the threats or point you directly to the suspected malware. This means you don’t have to search line-by-line through code in the event that your website is compromised. The SiteLock Website Scanning and Malware Removal product provides automated alerts to help you avoid search engine blacklisting, saving your business’s reputation and SEO positions.
3. Cache website data with a CDN
Malware can dramatically increase the time it takes a website to load, if it allows it to load at all. But even a malware-free website can improve its SEO, performance, and security at the same time. A CDN (Content Delivery Network) is a website optimization infrastructure that works by caching a website’s content across data centers around the globe. This results in quicker website load times since content is served locally to visitors. It also improves website security since, as is the case with the SiteLock CDN, data is fully encrypted both in transit and at rest.
Major search engines like Google factor load times into their SEO algorithms (time to first byte – TTFB), so by using a CDN, your website can experience a boost in SEO while improving security at the same time.
Want to see how your SEO stacks up? Many online tools can scan your website and provide suggestions to improve your SEO. Contact a SiteLock Security Consultant today to learn what solutions are the right fit for your site.