Category: Cyber Attacks (Page 1 of 8)

website security

The OWASP Top 10: Sensitive Data Exposure

Sensitive data exposure is an all too common cyberthreat that endangers businesses and their customers, as well as websites and their visitors. More frequently known as a data breach, sensitive data exposure ranks as one of the top 10 most dangerous cyberthreats by OWASP (Open Web Application Security Project) because of the damage it can do to its victims.  Fortunately, you can prevent this threat from affecting your website – we’ll discuss how sensitive data exposure occurs and ways to keep your visitors’ information safe.

What is the OWASP Top 10?

The OWASP Top 10 is a list of the ten most dangerous web application security flaws today. Sensitive data exposure currently ranks sixth on this list. The purpose of OWASP and the Top 10 is to drive visibility and evolution in the safety and security of software.

Read More

SiteLock Reviews: Vic’s Tree Service Springs Back to Life with Website Security [Case Study]

Company Overview

Vic’s Tree Service prides itself in preserving “the beauty of nature in your own yard.” Founded in 1978, the company has provided quality tree and landscape care to the Great Falls, Virginia community for forty years. They specialize in tree care, tree stump removal, and can even show customers how to cut down a personal Christmas tree. Due to the company’s growing popularity, Vic’s Tree Service launched its website, vicstreeservice.com, to improve their marketing efforts and assist prospective and current customers.

Read More

The OWASP Top 10: Broken Authentication & Session Management

Did you know a whopping 113 million websites contain a security vulnerability? That’s approximately six percent of all websites globally. A website vulnerability is a weakness in website code that cybercriminals can exploit to gain unauthorized access to a site—and a mere one vulnerability has the power to impact over 1,000 pages on a single website.

Let’s talk about one of the most common types of vulnerabilities on the OWASP Top 10: broken authentication & session management. Simply stated, broken authentication & session management allows a cybercriminal to steal a user’s login data, or forge session data, such as cookies, to gain unauthorized access to websites.

Read More

how to tell if a website is secure

How Can I Tell If a Website Is Safe? Look For These 5 Signs

Every website owner should take responsibility for ensuring the safety of its visitors, but unfortunately, some websites just aren’t secure. An unsafe website can spread malware, steal your information, send spam, and more. To protect yourself and your personal information, it’s important to know that a website takes your safety seriously – but how can you tell? Look for these four signs that a website is safe:

1. Look for the “S” in HTTPS

If HTTPS sounds familiar, it should – many URLs begin with “https” instead of just “http” to indicate that they are encrypted.This security is provided by an SSL certificate, which protects sensitive information entered into that site as it travels from the site to a server. Without an SSL certificate, that information is exposed and easily accessible by cybercriminals. It’s important to note that HTTPS isn’t the only thing a website can – or should do – to protect its visitors, but it’s a good sign that the website owner cares about your safety. Whether you’re logging in, making a payment, or just entering your email address, check that the URL starts with “https.”

Read More

SiteLock Website Security

Identifying Common Types of Cyberattacks

Is your website behaving strangely? Have you noticed it’s taking a long time to load, or that there are new pages, lines of code, or files on your site you didn’t create? Or perhaps you’ve seen a drastic decrease in site traffic, or you suddenly can’t log in as an admin? These are just a few visible signs that your site might be experiencing a cyberattack.

Of course, just because you’re not experiencing any of these symptoms doesn’t mean your website is secure. In fact, it’s possible for attacks and infections on your website to go undetected for years. To help ensure your site isn’t a target for cyberattacks, you need to know what you’re dealing with. In this blog, we’ll discuss what cyberattacks are, the most common types of attacks your website is likely to face, and most importantly, how you can prevent them.

Read More

Malware

Pluginsmonsters Fake Plugin Allows Access to WordPress Sites

The SiteLock Research team has become aware of sites infected with fake WordPress plugins that provide cybercriminals with backdoor access and allow them to inject malicious content onto web pages. Below is a high-level overview of the plugins and malware being detected by our scanners and analyzed by SiteLock Research analysts. We also cover effective tips to help protect your site.

Read More

cyberattacks 2018

What Website Owners Need to Know About Cyberattacks In 2018

Imagine if one in every 15 websites you visited was secretly taken over by cybercriminals trying to steal your credit card information or other personal data. Now imagine if that website was your website, and you had no idea it was harming your visitors. This is the reality for many website owners, and now more than ever, they  need to be on alert for cyberattacks in 2018.

In Q3 2017, SiteLock discovered alarming cybercrime trends that will likely affect websites for months to come. The most worrying trend for website owners: cybercriminals are increasingly using malware, or software that is used for malicious purposes, to take advantage of website visitors. In fact, nearly 15 percent of malware attacks targeted website visitors with the goal of exploiting them for sensitive data, website traffic, and other assets or resources. That’s not all: cybercriminals attempted to compromise more websites in Q3 2017 than in the previous quarter, increasing their attempted attacks by 16 percent

Read More

Decoding Security Episode 103: Internet of Things

Internet-connected devices can make our lives easier, from home assistants like Amazon Echo, to interactive toys like CloudPets. However, they’re also inherently insecure and easily hacked, a factor many overlook in favor of convenience.  In our latest Decoding Security podcast, Website Security Research Analysts Jessica Ortega and Michael Veenstra discuss the risks of using internet-connected  devices in our everyday lives, and the costs of security versus convenience.

Missed our last episode: Securing Your Website? Don’t worry, you can now subscribe to Decoding Security on YouTube, as well as  your preferred podcasting service, including iTunes and Google Play!

Malware Removal

How Website Vulnerabilities Are Getting Your Site Hacked

We all know someone who’s been in a difficult position following a security breach. They are rushing to assess the damage, while simultaneously repairing website functionality to limit the compromise. It’s a stressful situation, especially if you’ve had to deal with a compromise more than once. Unfortunately for some website owners this is a reality — shortly after the initial security breach, the website becomes compromised again. It leaves the website owner asking why their website is being targeted and how the website re-infection is happening.

The short answer is that it’s most likely due to unresolved website vulnerabilities. While it may seem like you’ve been singled out and targeted by some menacing hackers, most of the time that isn’t the case. The majority of website compromises are preceded by automated campaigns that locate websites vulnerable to a particular exploit the hacker wishes to employ. The bottom line is, you aren’t the target that the hacker is singling out, it’s the software on your website. There are a couple main culprits for this scenario.

Read More

website security

What is a Website Vulnerability and How Can it be Exploited?

Websites experience 22 attacks per day on average— that’s over 8,000 attacks per year, according to SiteLock data. A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets. Cybercriminals create specialized tools that scour the internet for certain platforms, like WordPress or Joomla, looking for common and publicized vulnerabilities. Once found, these vulnerabilities are then exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable site.

Read More

Page 1 of 8

Powered by WordPress