We’re excited to announce that SiteLock INFINITY was recently recognized as a finalist in the Cybersecurity Excellence Awards in the Anti-Malware category! The Cybersecurity Excellence Awards recognize companies, products and individuals that demonstrate excellence, innovation and leadership in information security.
Author: SiteLock
SiteLock Research has identified a trend of defacements impacting thousands of WordPress websites. The defacements appear to exploit a vulnerability in the WordPress REST API present in versions 4.7 and 4.7.1. The attack overwrites existing WordPress posts with a defacement, of which there are already many variations, and in many cases hackers are overwriting each other's defacements. Customers using the SiteLock TrueShield™ Web Application Firewall (WAF) are protected against this exploit.
- This attack vector impacts WordPress sites running versions 4.7 and 4.7.1 with the REST API enabled.
- The attackers are sending the defacement payload over the REST API to modify and deface existing posts.
- Post keywords are being modified in many cases, possibly for blackhat SEO purposes.
- We’ve identified at least six different defacement campaigns through this vector.
Examples (hackers’ handles redacted):
This attack targets existing posts in WordPress, which means a successful attack overwrites data inside the WordPress database; that data may only be recoverable from a saved post revision or from a backup. If you have been impacted by this attack, your best course of action is to follow these steps:
1. Perform a file and database backup of the impacted website and save it to a secure location. This will ensure your data is safe if any critical failures occur in the following steps.
2. Update WordPress to the latest version, version 4.7.2.
3. Log in to /wp-admin/ and identify which posts have been impacted by the defacement by looking in the title and body of each post for content that you did not put there. From the “edit post” screen, check the revision history of each impacted post to see if the original content is intact in a previous revision. If a clean revision is available, restore the post to that revision. Be sure to also check whether the permalink for the post has been modified.
In many cases, following the above steps will remove the defacement and no further action is required. If you were not able to recover all of your post content, please continue with the following steps.
4. Locate your most recent database backup from before the attack and restore it to the production database.
5. Log in to /wp-admin/ to check whether any database clean-up is required to synchronize the restored database with the current WordPress version on the production site.
6. If WordPress indicates database changes are needed, allow it to run through the changes.
7. Audit your website for any incompatibility with the new WordPress version you’ve installed. Issues with updating are most commonly evident in the look and feel of the website.
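Step 3 is manageable for a handful of posts but not for the thousands of sites hit by this campaign. The script below is an added example, not part of the original advisory and not WordPress code: it performs the same triage directly against a copy of the wp_posts table, listing every published post modified since the attack began together with the ID of its newest pre-attack revision (the one to restore in step 3), or flagging the post for the backup route in steps 4 to 7 when no such revision exists. It uses an in-memory SQLite table with constructed sample rows in place of the site's MySQL database, and ATTACK_START is an assumed value to replace with the earliest defacement timestamp you have.

```python
import sqlite3

# Constructed sample rows shaped like the WordPress wp_posts table; not data from any real site.
# A revision is a row with post_type='revision' whose post_parent is the post it snapshots.
# Post 10 was defaced but has a clean revision; post 20 was defaced and has no revision;
# post 30 was not touched.
SAMPLE_ROWS = [
    # ID, post_parent, post_type,  post_status, post_title,      post_content,                  post_modified_gmt
    (10, 0,  "post",     "publish", "Hacked By XXX", "<h1>Hacked</h1>",              "2017-02-02 03:14:00"),
    (11, 10, "revision", "inherit", "Our pricing",   "Plans start at five dollars.", "2017-01-20 10:00:00"),
    (12, 10, "revision", "inherit", "Hacked By XXX", "<h1>Hacked</h1>",              "2017-02-02 03:14:00"),
    (20, 0,  "post",     "publish", "Hacked By YYY", "pwned",                        "2017-02-02 04:00:00"),
    (30, 0,  "post",     "publish", "About us",      "We build widgets.",            "2016-12-01 09:00:00"),
    (31, 30, "revision", "inherit", "About us",      "We build widgets.",            "2016-12-01 09:00:00"),
]

# Assumed value: the earliest defacement timestamp (UTC) known for the site.
ATTACK_START = "2017-02-01 00:00:00"


def build_sample_db():
    """In-memory SQLite stand-in for the site's MySQL wp_posts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE wp_posts (
        ID INTEGER PRIMARY KEY, post_parent INTEGER, post_type TEXT, post_status TEXT,
        post_title TEXT, post_content TEXT, post_modified_gmt TEXT)""")
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?, ?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def triage(conn, attack_start_gmt):
    """Published posts modified since the attack began, each paired with the ID of
    its newest revision saved *before* the attack (the one to restore in step 3),
    or None when no such revision exists and only a backup can recover the content.
    Legitimate edits made during the window are listed too; review those by hand."""
    sql = """
        SELECT p.ID, p.post_title,
               (SELECT r.ID FROM wp_posts r
                 WHERE r.post_type = 'revision' AND r.post_parent = p.ID
                   AND r.post_modified_gmt < :start
                 ORDER BY r.post_modified_gmt DESC
                 LIMIT 1) AS clean_revision
          FROM wp_posts p
         WHERE p.post_type = 'post' AND p.post_status = 'publish'
           AND p.post_modified_gmt >= :start
         ORDER BY p.ID"""
    return [{"ID": post_id, "title": title, "clean_revision": revision}
            for post_id, title, revision in conn.execute(sql, {"start": attack_start_gmt})]


def split_by_recovery_path(results):
    """Post IDs restorable from a revision vs. those that need the database backup."""
    from_revision = [r["ID"] for r in results if r["clean_revision"] is not None]
    from_backup = [r["ID"] for r in results if r["clean_revision"] is None]
    return from_revision, from_backup


if __name__ == "__main__":
    conn = build_sample_db()
    results = triage(conn, ATTACK_START)
    for row in results:
        print(row)
    from_revision, from_backup = split_by_recovery_path(results)
    print("restore via revision:", from_revision)   # [10]
    print("restore via backup:", from_backup)       # [20]
```

Two caveats when using this against a real table: revisions snapshot only the title, content and excerpt, so a modified permalink slug (post_name) is not visible here and must be checked separately as step 3 says; and the restore itself should be done through wp-admin rather than by writing to the table, so that WordPress records the restore as a new revision and keeps its caches consistent.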
We advise reaching out to your hosting provider, as they may have a backup of your website on file. Additionally, if you have any questions or concerns about this notice, please contact us at 877.563.2832 or email firstname.lastname@example.org.
Please check this article regularly for updates as more information becomes available.
As you may have heard by now, WordPress 4.7.2 has arrived! This emergency patch was released by the diligent WordPress contributors following the discovery of a rather nasty vulnerability in the new WordPress REST API functionality. The vulnerability allowed for unauthenticated privilege escalation, which in plain terms means that an attacker with no account on the site could modify the content of any post on most WordPress websites running versions 4.7 or 4.7.1.
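What that "unauthenticated privilege escalation" looked like in the code, as an added example that is not from the original post and is not WordPress code: in 4.7 and 4.7.1 an `id` parameter sent with the request overrode the numeric id matched from the URL; the permission check then looked the post up strictly, so a value such as `1abc` found no post, and with no post found the authorization decision was skipped entirely, while the update handler cast the same value to an integer (`1`) and wrote to that post. The Python below models that disagreement between check and action, and the fail-closed alternative. `php_is_numeric` and `php_int_cast` are simplified stand-ins for PHP's behaviour, and the post store is a constructed sample.

```python
import re

# Simplified stand-ins for two PHP behaviours that disagree on a value like "1abc":
# is_numeric() rejects it, while an (int) cast keeps the leading digits and yields 1.
_PHP_NUMERIC = re.compile(r"^\s*[+-]?(\d+\.?\d*|\.\d+)([eE][+-]?\d+)?$")
_PHP_INT_PREFIX = re.compile(r"^\s*([+-]?\d+)")


def php_is_numeric(value):
    """Approximates PHP is_numeric() for a string: the whole string must be a number."""
    return _PHP_NUMERIC.match(value) is not None


def php_int_cast(value):
    """Approximates PHP's (int) cast of a string: leading integer prefix, otherwise 0."""
    match = _PHP_INT_PREFIX.match(value)
    return int(match.group(1)) if match else 0


def strict_lookup(posts, raw_id):
    """Post lookup that refuses anything but an integral numeric id (None if not found)."""
    if not php_is_numeric(raw_id):
        return None
    number = float(raw_id)
    if number != int(number):
        return None
    return posts.get(int(number))


def vulnerable_update(posts, raw_id, new_content, user_can_edit):
    """Shape of the 4.7 / 4.7.1 flaw: the authorization decision only runs when the
    strict lookup finds a post, and the handler then re-resolves the id leniently."""
    post = strict_lookup(posts, raw_id)
    if post is not None and not user_can_edit:
        return 403                        # correct outcome for a plain id such as "1"
    post_id = php_int_cast(raw_id)        # "1abc" becomes 1 here, after authorization was skipped
    if post_id not in posts:
        return 404
    posts[post_id] = new_content
    return 200


def hardened_update(posts, raw_id, new_content, user_can_edit):
    """Fail closed: one strict canonical form for the id, resolve the target once,
    reject unknown targets before anything else, then authorize against that target."""
    if re.fullmatch(r"\d+", raw_id.strip()) is None:
        return 400                        # a malformed id is an error, never a reason to skip checks
    post_id = int(raw_id.strip())
    if post_id not in posts:
        return 404
    if not user_can_edit:
        return 403
    posts[post_id] = new_content
    return 200


if __name__ == "__main__":
    # Constructed sample post store; an anonymous visitor (user_can_edit=False) hits both versions.
    posts = {1: "Original post content"}
    print(vulnerable_update(posts, "1", "defaced", False), posts)     # 403, post unchanged
    print(vulnerable_update(posts, "1abc", "defaced", False), posts)  # 200, post 1 overwritten
    posts = {1: "Original post content"}
    print(hardened_update(posts, "1abc", "defaced", False), posts)    # 400, post unchanged
```

The lesson generalizes beyond WordPress: whenever a permission check and the privileged action parse the same identifier by different rules, the gap between them is the vulnerability, and "object not found" in the check must be an error, not a pass.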
So far in this #AskSecPro DDoS series we’ve covered both Application Layer DDoS Attacks and Protocol-Based DDoS Attacks. We’ve also identified the differences between a DoS and a DDoS attack. In this final segment of the DDoS series, we’ll discuss the third category of DDoS attacks, Volumetric Attacks, also known as Volume-Based Attacks.
Continuing our #AskSecPro DDoS series where we last discussed Application Layer Attacks, today we’ll focus on some of the most popular protocol-based DDoS attacks we’ve seen hit our customers’ web application firewall, SiteLock TrueShield™, over the years. TrueShield™ is SiteLock’s distributed cloud-based web application firewall (WAF) with the capability of defending against attacks across layers 3, 4, and 7.
In our last #AskSecPro article we discussed the differences between a DoS and a DDoS attack. Now that we understand what a DDoS attack is in concept, let’s learn a little more about the mechanisms involved in these attacks. In Part Two of the DDoS Attacks series we’ll focus on some of the attack vectors utilized by adversaries when launching a denial of service attack.
Rena McDaniel is a self-proclaimed WordPress aficionado and a technology buff. She is also a successful WordPress designer, mother, wife, and grandmother.
Five years ago, McDaniel’s life changed when she was in a serious car accident. Unfortunately, the accident resulted in her becoming physically disabled. After a year of rehabilitation, her husband accepted a new job in South Carolina. They sold everything and made the move. Motivated by the change and inspired by her new environment, McDaniel channeled her energy into her personal passion, WordPress. Her blog quickly grew beyond the simple joy of writing, and developed into a natural curiosity for WordPress design. With continued focus on her passion, McDaniel soon mastered her craft and her friends and family began to take notice. With their encouragement she decided to found TheBlogging911.com.
The ease and accessibility of working remotely is increasing for our workforce. This is especially true for legal professionals. In a recent Law Technology Today article, SiteLock president, Neill Feather, addresses the dangers that working remotely poses to data security for today’s law firms and their clients.
The article notes, “fewer lawyers—only 63 percent—are working in traditional office settings.” With this change in data accessibility, legal professionals are at a much greater risk of cyberattacks and data breaches that could expose confidential client information.
Feather shares five tips that law firms should implement to secure their data and proactively protect their reputation. Read the full article here.
There’s a lot of buzz going around in many online communities concerning the recent distributed denial of service (DDoS) attacks the world has witnessed. In many of my own circles I’m often the only security guy in the room so I end up fielding a lot of questions, the most common of which is, “how do they do this stuff?!” In this District #AskSecPro series, I’ll be explaining the anatomy of D/DoS attacks and the practical weaponization of regular computers.