Author: Weston Henry Page 4 of 5

phishing attack

Phishing Attacks And How to Counter Them

In this week’s post, we take a look at “in-the-wild” phishing attacks and talk about how to counter them. Protecting yourself from phishing and malware attacks is not only important, it’s a fundamental Internet survival skill, made even more essential if you have a web presence you depend on. A compromised workstation could lead to compromised credentials, ultimately leading to complete control of your website by bad actors. We don’t want that.

Read More

Malware removal

The Changing Behavior Of Malware Payloads

We’re kicking off a new blog series here at SiteLock, to share some of the insight we gather every day removing malware from websites.   This series will be geared toward folks interested in learning more about the web application security landscape. In this space, we’ll cover various topics each week – everything from CMS security to malware, to vulnerabilities and best security practices.

Insights On Malware Campaigns

One of the interesting things about tracking malware campaigns is their changing behavior as the campaigns shift to different targets, employ new tactics to evade detection, and propagate new malware, based on the changing economics of the campaigns.

Below is an example we have seen take shape and evolve over the past few weeks that should give readers an example of how these changes occur and what is going on behind the scenes of a large-scale malware attack campaign.

Read More

CAPTCHA That Form and Stop Email Spam

Don’t you love the feeling of customer inquiries in your morning inbox? So much interest in your site! You look closer at the emails and find they’re all from Michael – Michael Jordan, Michael Kors, Michael Vuitton – well, Louis Vuitton, but you get the point. Somehow, spambots found your form and blindly barraged your inbox with handbag and sneaker spam, or worse, adult content. How do you, a busy business owner, stop the spam while allowing legitimate requests? The good news is that you have a couple options – one is easy and the other, even easier.

Read More

https encryption

Logjam’s Effect On HTTPS Encryption

What Is Logjam?

Transport Layer Security, or TLS, is the protocol commonly used in HTTPS connections.   Logjam is the code name for a cryptographic weakness in the Diffie-Helman key exchange algorithm used by TLS. The Diffie-Helman Exchange (DHE) allows two parties – a browser and server in our case – to exchange prime numbers in a secure manner which are then used to create a shared secret used to encrypt a session.

A team of computer scientists and security researchers found that precomputing the prime number groups that DHE uses allows faster computation of the discrete logs used to find the shared secret. With academic-level resources, the researchers precomputed a 512-bit group used by 82% of vulnerable servers. The researchers posit that nation-state level resources could precompute 1024-bit Diffie-Helman groups, affecting even larger swaths of the internet.

Read More

XSS vulnerability - cross-site scripting

The WordPress Genericons XSS Vulnerability

Earlier this week a security researcher reported a cross site scripting vulnerability, also known as an XSS vulnerability, in the WordPress icon package, Genericons.  Genericons is an icon package that was used with the default-installed WordPress theme, Twenty Fifteen.   Genericons included an HTML file, named example.html, which actually had the cross site scripting flaw.

About The Genericons XSS Vulnerablity

The XSS vulnerability was DOM, or document object model, based meaning it could potentially control how the browser handles a requested page. The victim would have to be coaxed into clicking a malicious link, reducing severity, though the exploit remains widely deployed all the same.

Read More

XSS vulnerability - cross-site scripting

The WordPress 4.2 XSS Vulnerability

Recently, a security researcher released a zero-day stored XSS vulnerability in WordPress, meaning it was previously undisclosed and, at the time, unpatched. The vulnerability affected the latest versions of WordPress at release, including 4.2.

How Can The XSS Vulnerability Be Exploited?

The xss vulnerability involves how WordPress stores comments in its MySQL database. Comments are stored as text and the size of that text is limited to 64 kilobytes, or 64,000 characters. Given a previously approved comment, an attacker could create a malformed comment using approved HTML tags and tack on 64 kb of any character (perl -e ‘print “a” x 64000’). The 64 kb of junk is truncated and what’s left is a malicious comment in the database which will run whenever it’s viewed. And what can run is up to the attacker – creating backdoors, stealing credentials, malicious redirects and more.

Important Information For WordPress Users

Read More

Magento vulnerability

The Magento Remote Code Execution Vulnerability

Earlier this week, a remote code execution vulnerability against Magento, the eBay-owned free and paid eCommerce platform, was released. Security researchers chained together multiple smaller vulnerabilities to ultimately run arbitrary code on the server Magento is hosted on.

Read More

XSS vulnerability - cross-site scripting

XSS Vulnerability Found In WP Super Cache Plugin

A cross-site scripting (XSS) vulnerability was recently revealed in the WordPress caching plugin, WP Super Cache.

What Does The WP Super Cache Plugin Do?

WP Super Cache converts dynamic WordPress pages into static HTML.  This creates pages that are quicker to serve to visitors than a database-generated page. Great for high traffic sites, WP Super Cache’s popularity has garnered over a million downloads.

Read More

SiteLock Website Security

Malware Decoded: How SiteLock Cleans Infected Websites

Identifying and cleaning malware is part of our everyday life here at SiteLock, and we know for many website owners cybersecurity can be an intimidating topic. That’s why we thought we’d share a simple case of what a common infection looks like, and demonstrate how SiteLock finds, fixes, and prevents malware.

During a malware clean of a new customer’s site, we found some simple, well-known malware — a perfect example for an introductory post on malware. The site was compromised through an arbitrary file upload and malicious code was ultimately injected into the index of the site. Likely an automated process, the code was injected before the closing <body> tag.

Read More

Yoast SQLi injection

SQL Injection Vulnerability In Yoast WordPress SEO  

This past Wednesday, Yoast, makers of one of the most popular WordPress plugins, WordPress SEO by Yoast, disclosed a blind SQL injection vulnerability against authenticated users given a successful cross site request forgery (CSRF) attack.

What is blind SQL injection and CSRF, how can the WordPress SEO vulnerability affect your site, and what should you do about it?

Read More

Page 4 of 5

Powered by WordPress & Theme by Anders Norén