Cybersecurity News

We have all seen it in the news lately: Critical infrastructure and organizations being hit with ransomware attacks; bringing operations to a screeching halt. In many cases these ransoms are paid which further incentivize more bad actors such as REvil, EvilCorp and DarkSide to continue their malicious attacks. As of May 2021, ransomware attacks have almost doubled, with 43% of all ransomware attacks affecting SMB’s. Additionally, the ransom amounts associated with these attacks have been exponentially increasing with the average ransom costing small to medium sized businesses (SMB’s) $380,000 on average. It is largely speculated that most of these cyber criminals have international ties back to Russia where little investigation and prosecution is taken on them.

In the age of data, with organizations creating trillions of gigabytes of new information each year, it’s easy to think of cybersecurity as a mere synonym for “data protection.” But cybersecurity is so much more. By shielding companies’ data and systems from organized criminal attacks, cybersecurity programs also protect businesses from operational interruptions, financial losses, legal penalties, and the destruction of customer trust.

The ugly news about Russian interference in the U.S. presidential election forced the issue of cybersecurity into the political spotlight in 2016. Since this catalytic event, political leaders have grappled with cybersecurity awareness on a global stage — and not all have done so gracefully.

As cyberattacks become increasingly automated, website owners must come to the realization that it might be time to fight fire with fire. Manual detection and removal is becoming increasingly unrealistic — even with the most highly skilled team of cybersecurity specialists at your disposal.

Security is one of the most important aspects of any website. This is especially true today considering the fact that cybercrime continues to be a serious threat for businesses and users. The FBI states that “Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated.” In fact, websites experience a staggering 62 attacks per day, according to SiteLock research. Now more than ever, small businesses need a cyber security checklist when building and maintaining their websites.

If we concentrate hard enough, most of us can leave our personal biases out of our critical thinking. However, we’re not always consciously aware of the most persistent bias of them all: optimism. The optimism bias is the unfounded belief that we’re more likely to experience positive results than negative ones, even when tangible evidence suggests otherwise.

SiteLock research and remediation teams have become aware of several WordPress plugin vulnerabilities that are affecting our customers. The symptoms most commonly associated with these WordPress plugin vulnerabilities are malicious redirects. Essentially, visitors are being sent to another website than the one they are attempting to access. We are still gathering information on these vulnerabilities, and how they are being used. As soon as we have completed our review, we will release more information.

Don’t just pay attention to the man behind the curtain, tear the curtain down and burn it. That’s been the general sentiment among the InfoSec community on Twitter this past week in the wake of the discovery of multiple vulnerabilities intentionally built into the popular pipdig Power Pack (P3) plugin. I could easily write 3,000 words digging into the code, but that’s been covered incredibly well already by other researchers. Instead, I’m going to focus more on the effects of this situation, and on how we as a security-minded community can make a difference going forward.

The popular e-commerce CMS platform, Magento, announced multiple security updates to their commerce and open source versions on March 26, 2018. More than 250,000 active Magento installations are affected by this security flaw, including versions 2.1 prior to 2.1.17, 2.2 prior to 2.2.8, and 2.3 prior to 2.3.1.

California has a history of creating legislation that creates a ripple effect that affects consumers in other states. While the laws only affect California, they often push companies into adopting the rules broadly – for example, California’s strict auto emissions standards have been adopted in 16 other states since 2004. “What California does definitely impacts the national conversation,” says state Senator Scott Wiener. As the home of some of the biggest names in technology, it���s no surprise that California’s legislators are especially concerned about cybersecurity. In 2018 alone, California has passed several laws that they hope will inspire other states – and ultimately, Congress – to passing cybersecurity laws that better address the issues of our time. However, these California cybersecurity laws have also attracted criticism from tech companies, cybersecurity experts, and the Federal Government. These California cybersecurity laws may come to affect you, which is why we’ve created this guide.