Looking for a date in time for Valentine’s Day? If you’re using Tinder, be careful when swiping right. Cybersecurity researchers discovered security flaws in the popular dating app that could allow hackers to discover users’ private data and personal preferences, like the photos of users they’ve swiped right or left on. In other cybersecurity news, a cybercrime “conglomerate” named Zirconium has been found responsible for the largest malvertising operation of 2017. Using a network of 28 fake ad agencies, Zirconium strategically placed ads that led users to malicious websites pushing scams or fake software updates. The campaigns were so successful – and so sneaky – that they generated 1 billion ad views in 2017.
Page 17 of 63
Nancy is a small business owner who runs an ecommerce store selling women’s clothing. She knows there’s a lot of competition out there, so she works hard to make her customers happy. She’s found that one of the best ways to attract new customers and keep them coming back is by creating a feature-rich, user-friendly website that visitors love to use. Nancy’s website provides an easy shopping experience for her customers thanks to the features included with ecommerce plugins like Magento and WooCommerce. It also includes linked social media accounts, videos, pages of merchandise, and more!
One day, Nancy woke up to an inbox full of emails from frustrated customers. Something was wrong with her website!
Dawn H. spent 30 plus years working in the IT industry before deciding to make a career change. Having recently lost 120lbs in 14 months, she developed a personal connection with a women’s shapewear brand and decided to purchase the company in November 2016.
As any small business can attest to, a website is central to establishing their brand. It not only acts as the face of the business but is also the primary point of contact for customers and a profitable asset. Ninety percent of all Dawn’s business is conducted online through an e-commerce WordPress site. The site is also optimized for mobile use and provides an easy checkout experience. This makes it essential that her website is running safely and securely at all times.
Not long after purchasing the women’s shapewear brand, Dawn was slated to attend and exhibit at one of their biggest retail trade shows of the year on the West Coast just before the holiday shopping season. Attending this show was vital to driving brand awareness as well as traffic to her website, which would generate sales. About 12 hours before Dawn and her team were supposed to leave for the event, she received an email from Google saying her website had been hacked. Upon doing her own Google search she discovered that listed under her website name, in big red letters, were the words “THIS WEBSITE MAY BE HACKED.” After further investigation, it was determined that her website had most likely been Google blacklisted for several days before Dawn was even aware. Now in panic mode, Dawn immediately contacted her hosting provider who immediately put her in touch with SiteLock.
Solution and Result
Thanks to the SiteLock customer service team which operates 24/7/365, Dawn was able to get in touch with a SiteLock security consultant mere hours before her show. SiteLock quickly diagnosed the problem and explained that her e-commerce website had experienced multiple hacks in the form of email spam, URL’s referencing spam, and malware. These were security issues that, if left unattended, could have put customer data at risk. SiteLock told Dawn not to worry, and assured her that they would have the issues resolved within four to six hours. Although overwhelmed by the unexpected circumstances, Dawn was grateful for the personal attention and quality support she received from the SiteLock team.
“SiteLock took the time to explain to me exactly what was wrong with my website and helped recommend the right security solution to prevent my site from being hacked again.”
Dawn was relieved to wake up the next morning and see that her website was up and running, no longer blacklisted. Unfortunately, the very next day, her site was once again suspended. This time, Dawn’s hosting provider had found additional spam and malware in old backup files and folders that SiteLock did not have initial access to. Dawn immediately contacted SiteLock, who set up a conference call with the hosting company to help resolve the issue. Dawn explained, “I was so impressed because SiteLock worked directly with my hosting provider to ensure all issues were taken care of and that my website was back up and running smoothly before we hung up the call.”
As a small business owner without an IT department, it could have cost Dawn thousands of dollars to get her website back up, not to mention the potential for lost sales. Together, SiteLock and Dawn were able develop the right security solution for her website utilizing SiteLock TrueShield: Enterprise and SiteLock INFINITY. By taking a proactive approach to website security, Dawn has confidence knowing her website is protected and can focus on growing her business.
Since partnering with SiteLock, Dawn is much more aware of how easily hackers can target and successfully penetrate a website. Dawn recounted, “I never really thought this could happen to me. I assumed my hosting provider was securing my website. It was a tough lesson to learn that website security is actually my responsibility, but one that allows me to now educate others so it doesn’t happen to them.”
Today, Dawn has peace of mind that her site is secured with SiteLock, and her business can continue to run smoothly. Dawn especially loves the detailed report she receives that shows her just how many attacks continue to be blocked each week.
She is also amazed at the exceptional customer service SiteLock provides. “Every single day my account manager calls me to provide an update on my site. He just calls and says, “Hi Dawn. I have just started my shift and checked the reports on your site and everything is running smooth.” I mean, how many people do that? Maybe a few. How many do that every day? No one!” Dawn said.
Advice for other Small Business Owners
Dawn also has some advice for other small business owners in hopes of preventing them from having to go through the same ordeal that she did.
“My advice to small businesses is simple and straight forward. You need to create a security plan and be proactive in securing your website. Don’t think it won’t happen to you.”
We offer a suite of comprehensive and affordable website security solutions to ensure that your website stays free of malware. For more SiteLock case studies, visit www.sitelock.com/reviews. You can also read a brutally honest review of SiteLock on WPBuffs.com.
On January 16, 2017 WordPress released version 4.9.2, which included several security updates, as well as bug fixes for all versions after WordPress 3.7. WordPress has reported that a cross-site scripting (XSS) vulnerability was found in a group of files used to play Flash videos, which was included with all WordPress versions after 3.7. However, because most browsers no longer require these files to play video content, upgrading to version 4.9.2 removes these files. Due to the nature of XSS vulnerabilities, it is highly recommended that WordPress users update their websites immediately to avoid possible compromise.
WordPress notes the following bug fixes and features in particular:
- Browser issues specific to Mozilla Firefox that prevented saving posts have been corrected.
- Widget settings will be restored when switching themes in the application settings.
SMART PLUS, SiteLock INFINITY, and Patchman users are protected from this security issue, as SMART/PATCH and the Patchman libraries have been updated with secure patches that protect plugins and themes reliant on their current versions. It is still advised that website owners plan full version upgrades as soon as possible to take advantage of the new features and full list of bug fixes in WordPress version 4.9.2.
For more information about how SiteLock can help protect your websites from vulnerabilities and malware, contact us at 855.378.6200. We are available 24/7/365 to help!
We’re just days into 2018 and cybersecurity already has its first major headline of the year: Meltdown and Spectre. By exploiting common features found in modern microprocessors, cybercriminals have been able to use the attacks known as “Meltdown” and “Spectre” to steal sensitive information from any computer, device, and even the cloud. We’ll walk you through how and why Meltdown and Spectre happened, and which security patches are already available.
We’ll also provide an overview of the principle of least privilege, the concept of restricting user permissions as a preemptive security measure. Join our hosts, security analysts Jessica Ortega and Ramuel Gall, as they provide important tips that everyone, from parents to CTOs, can use to protect themselves from the cybersecurity risks caused by human error.
Want to learn more about how both businesses and individuals can improve their cybersecurity savvy? Check out our past podcasts on endpoint and website security or social media security. For more Decoding Security, subscribe on YouTube, iTunes, or Google Play!
As cybercrime grows and evolves, malware remains a constant weapon in a cybercriminal’s armory. Malware, short for malicious software, is created with the intent of causing harm to a website or computer. Website malware can be used to steal sensitive customer information, hold websites for ransom, or even take control of the website itself. In many cases, victims of malware may not realize they’ve been attacked until it’s too late.
Over one million new malware threats are released daily, so knowing what you can do to check for and combat malware is essential for all website owners. To protect your website, it is critical to take matters into your own hands and become proactive about website security. There are two primary ways to do this; the first is by learning to check for signs of malware manually. The second, and most effective, way to protect against malware is by using a website scanner that detects malicious content and automatically removes it. Follow these steps to check your website for malware, starting by recognizing the common symptoms of malware.
As a startup, your website is critical to your success: it’s the face of your business and likely your primary channel for revenue and lead generation. However, your website and your business are put at risk every day by an unseen threat: cyberattacks.
The average website experiences 59 attacks every day, any of which could result in stolen customer data, blacklisting by search engines, or suspension by your web host. A successful attack on your site could also impact revenue, tarnish your reputation, and degrade customer loyalty. To protect against a possible cyberattack and mitigate the consequences it could have on your business, you’ll need to invest in website security.
If your New Year’s resolution is to protect yourself from cyberattacks, you’re in luck! This week on Decoding Security, security analysts Jessica Ortega and Ramuel Gall share their predictions for the top cybercrime trends in 2018. Our hosts also identify ways you can arm yourself against these ever-evolving threats. We don’t want to give away their predictions, but we’ll give you a hint: if your holiday gifts included a digital assistant like Amazon Alexa or Google Home, be sure to tune in!
We’ll also catch you up on the latest cybersecurity news, including the 25 Worst Passwords of 2017 and a leaky server that exposed 300,000 email addresses and login credentials from Ancestry.com.
Happy New Year from SiteLock and Decoding Security! Our New Year’s resolution is to continue to bring you a fun and informative podcast, so make sure you keep up by subscribing on YouTube, iTunes, or Google Play!
Patchman, best known for patching application vulnerabilities and helping hosts stop abuse before it begins, is expanding its product offering for the first time since being acquired by SiteLock in July 2017. Patchman, which is based in the Netherlands, was founded in 2015 with the goal of securing CMS applications from the hosting provider level to protect customers who did not update their applications in a timely manner. Up until now, Patchman has focused on the “Big Three” of open source content management systems – WordPress, Joomla!, and Drupal – covering core application vulnerability patches. Now, for the first time, Patchman is expanding their offerings into both ecommerce and plugins – offering patches for Magento core vulnerabilities and WooCommerce vulnerabilities.