Category: SiteLock Research Page 4 of 5

Defaced by AnonGhost

Don’t Panic: Website Defacements from 2015

Bad actors have attacked websites since the beginning of the internet. They have many reasons for taking over websites — money, infamy, politics, curiosity — though nothing grabs attention more than the visual defacement of a site. Website defacement occurs when a bad actor gains access to the site files, and replaces the index or home page with their own page.  We’ve seen many of these over the last year, but what are the real consequences for the sites that are defaced? We’ll discuss the effects of a defacement on a website, and the reasons why they happen.  We will also outline what you should know about defacements and how to secure your site against them.

What Is A Website Defacement?

AnonGhost website defacement

Read More

Adobe Flash player

Moving On From Adobe Flash

With any web technology there comes a time to move on to the next level. Adobe Flash is notoriously insecure, resource intensive, and poorly supported on mobile devices. The process for phasing out Flash has been underway for some time, and now may be an advantageous time for developers and end users to move on from Adobe’s long-time media platform.

This week we’ll discuss:

  • The reasons you may want to move on from Adobe Flash
  • What alternatives exist and their advantages
  • What you can do specifically as an end user and site owner

Read More

SiteLock Website Security

It’s a Holiday Security Breach Blowout

This week we have a personal story for our readers. It’s a heartwarming tale of multiple mass data compromises, which affected yours truly. We’ll also discuss how major data breaches occur, and what you can do to protect yourself in the Age of the Large Data Breach.

Read More

Malicious WordPress plugin site

Malicious WordPress Plugin Adsense High CPC

While scanning website files, SiteLock SMART flagged three particular files as suspicious.  Inspection of the files by the SiteLock research team ultimately determined that a malicious WordPress plugin was being actively hosted, used by unsuspecting site owners, and spread via YouTube.

In the following article, we will:

  • detail the malware contained in the malicious plugin
  • reveal the relationships between the malicious plugin and other websites
  • discuss mitigation for sites using the plugin and how to avoid such situations

Read More

Security

What Is Security?

First, let’s tell you what security is not. Security is not safety.

Security is on everyone’s mind at this festive time of year. As more and more consumers move their shopping online, e-commerce security and the security of personal information naturally comes to the forefront. But what is security?

It’s a large and nebulous topic to which entire areas of study are dedicated, and the average website owner can’t be expected to be an expert, let alone a consumer. That’s why we’re taking this opportunity to answer this question and hopefully provide a foundation of understanding to help all site owners and consumers better assess their security needs.

Read More

malware email addresses

Looking at 1,000 Malware Email Addresses

Why Email Addresses?

When the SiteLock support teams clean malware from websites, it’s not unusual to find email addresses somewhere in the injected code.  So the research team decided to dig into some of those  malware email addresses to see what we could learn.

With the help of the SECCON (security concierge) and Expert Services teams, we gathered over 1,000 email addresses in short order. We hoped to see potential patterns such as highly used email providers and learn how the addresses were used, with the added benefit of providing a list of strings to detect malware.

Where Malware Email Addresses Can Be Found

The list of 1,012 email addresses consists mostly of phishing repositories, with some shell install and login notifications, ego addresses, and a few spoofed “From” addresses from phishing files. The full list of malware email addresses is found at WSTNPHX’s GitHub page.

Read More

WordPress plugin vulnerability

SiteLock Research Team Uncovers WordPress Plugin Vulnerability

The SiteLock Research Team will have many firsts as it develops. This week we’ll discuss the first reported and patched vulnerability the team found, a minor cross-site scripting vulnerability in Testimonial Slider.

The team has been working on putting together a new vulnerability research process.   During the creation of this process, we tested a not-so-randomly chosen WordPress plugin, Testimonial Slider. We chose Testimonial Slider for no other reason than it was a slider plugin, after the recent Revolution Slider exploit.

What Does Testimonial Slider Do?

Testimonial Slider, developed by SliderVilla.com, displays customer testimonials in a responsive slider and has over 10,000 installs. We analyzed version 1.2.1 using SiteLock TrueCode and manual analysis.

Read More

how to prevent security breaches

This Week in Exploits: What Are XSS Vulnerabilities? Part 2

In last week’s “episode” of ‘This Week in Exploits’, we talked about Cross-Site Scripting (XSS) and specifically reflective XSS vulnerabilities, the most common type of XSS flaw. We now know roughly what a XSS attack is, and some of what a reflected XSS attack does, but why do XSS attacks exist? How can they be used?

 

Read More

XSS vulnerability - cross-site scripting

What Is An XSS Vulnerability? Part One

In the world of websites, hackers have a variety of tools to intrude on people’s domains. These hacks, which take advantage of vulnerabilities in a site’s code, are categorized by projects like the OWASP Top Ten.

According to the OWASP assessment, the top three most common attacks are:

  • Injection
  • Weak Authentication and Session Management
  • Cross-Site Scripting (XSS)

 

As new vulnerabilities are discovered, we still can see that a large portion of these vulnerabilities are XSS-related vectors.

Read More

browser-security

How Browser Security Can Help Website Security

Modern browsers are more than programs used to peruse the web. Browsers are tools used to communicate, develop, conduct financial transactions, and interact with government agencies.

This week we will discuss browser security, and how it can impact website security. As a website is the portal to a company’s online presence and resources, a browser is the entryway into a user’s workstation computer and the data within.

Just How Important Is Browser Security?

The link between browser security and website security is not conflated. Here at SiteLock, we’ve seen many sites compromised through stolen FTP credentials, and entire company file stores lost to ransomware.

Browsers were the likely point of entry of these compromises.  Every website owner and web developer is sure to use a browser, most likely multiple browsers, to access the website hosting or accessing site files and credentials.  Again, the browser is the portal from the open web to the workstation.   Below, we’ll cover the steps necessary to better secure this entry point.

 

Read More

Page 4 of 5

Powered by WordPress & Theme by Anders Norén