Page 21 of 62

WordCamp Europe 2017 Recap

After a year of waiting and months of planning, SiteLock finally landed in Paris, France for our second year at WordCamp Europe! We sponsored the event again this year and were overwhelmed by the attendance of 1,900 people from 79 countries. Not to mention the 1,000 viewers who live-streamed the event, totaling a count of 2,900 WordPress enthusiasts!

For those of you who were at the show, you probably met at least one person in red from the SiteLock crew. From left to right, we sent these handsome folks below (note, I’m the one in the middle!).

SiteLock President Neill Feather, Executive Vice President Tom Serani, and Evangelists Logan Kipp and Adam Warner, and Inside Channel Developer Brandon Goldberg

For those of you who couldn’t make it, we’ve recapped the event with some of our favorite moments below.

Read More

ftc protecting small businesses

New Government Website Highlights Small Business Cybersecurity Risks

The US Federal Trade Commission (FTC) recently launched a new website aimed at educating small business owners on the risks of cybercrime and the steps they can take to protect their business.

“Small businesses are critical to our economic strength, building America’s future, and helping the United States compete in today’s global marketplace,” said FTC Acting Chairman Maureen Ohlhausen. “This innovative new website is a one-stop shop where small businesses can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.”

Read More

Malware

Trending “Fireball” Adware Raises Botnet Concerns

Earlier this week, security researchers reported on a trending adware infection known as Fireball. Sourced to the Chinese marketing firm Rafotech, reports indicate a footprint of more than 250 million infected machines worldwide. While the infection currently appears to only make changes to victims’ browser homepages and search engines, analysis suggests that the software could be remotely leveraged to act as a malware dropper. A malware dropper is a program that can be used to remotely install malicious software onto a victim’s computer or network. This can be performed after any amount of time following the installation of the dropper itself.

If true, it’s possible that infected systems could be made part of a botnet and used to carry out new types of attack over the Internet.

The Fireball adware is being distributed via freeware software installers through a method known as bundling. You’re likely to have seen bundling yourself at some point. Legitimate software developers use bundling as a way to monetize the release of otherwise free software. When you download and install such a program to your computer, you may notice that you’re being asked to install additional, unrelated software, like toolbars or free trials of a different company’s programs. While annoying, most cases of bundling are simply a way for developers to make money while releasing a free product. However, this can also be used to deliver PUA (Potentially Unwanted Applications), like adware, software that can track your behavior online and serve advertisements based on this data.

Because of this, it’s important to remain mindful of the sources of programs you install. Cracked versions of paid products frequently include malicious files that can be used to infect your systems. For website owners, this also applies to pirated versions of software that you might want to install on your website, like premium WordPress plugins and themes. Even if the pirated files are free of malware, they do not typically receive security patches from the original developers, or they could be configured to download a malicious component at a later time. This can open your website to a myriad of vulnerabilities that can be exploited by attackers to cause further damage to your online reputation.

Another point to consider, in the wake of Fireball’s massive online footprint, is the potential for damage caused by a botnet of this size. Malicious tasks that would be practically impossible for a single machine to perform (bulk hash cracking, login bruteforcing, denial of service attacks, etc.) become trivial when an attacker can utilize a quarter billion machines simultaneously to accomplish their goals. The potential for mobilization on this scale means it’s as important as ever to ensure tight security on all of your systems.

Strong passwords are a good start. Changing passwords regularly is another important step, given the frequency of major data leaks across the internet. By changing your credentials, you render a previously leaked password useless.

Protecting your website from bot traffic is a critical step in preventing malicious activity on your site. SiteLock TrueShield, a web application firewall,  provides effective traffic filtering that can drastically limit the impact of these attacks. Contact a SiteLock Website Security Consultant at 855.378.6200 to find the right security package for your business. We are available 24/7/365 to help.

What is WordPress Multisite and Who Should Use It?

In this post, we’re going to look at the Multisite feature of WordPress. We’ll learn what it is, when to use it, and when not to use it. We’ll also cover a few important best practices to keep in mind when running WordPress Multisite.

When you enable Multisite in WordPress, you have the ability to create a network of individual WordPress sites on a single installation of the software. Enabling, configuring, managing, and growing a WordPress Multisite-powered website is not for novice users, but depending on the goals of your business, it just might be the perfect solution.

Read More

10 WordPress Website Performance Best Practices

If you’re reading this article, it’s almost certainly not the first website performance article you’ve browsed. Let’s be honest, practically everyone has an opinion on the matter and you would probably deforest half the Amazon rainforest if you tried to print each article you’ve come across. Since we all want to save the habitat of the endangered Amazonian Wapuu and skip the conjecture, I’d like to share with you my 10 WordPress website performance best practices that provide gains you can actually measure.

Read More

The Ballooning Cost of Cybercrime

The legal industry finds itself in the upper echelons of companies when it comes to the fiscal impact of a cybercrime. However, many are ignoring this risk. According to the American Bar Association’s (ABA) 2015 Legal Technology Survey, about half of firms said they had no response plan in place to address a cybersecurity breach.

Furthermore, Cybersecurity Ventures predicts the costs associated with a cyberattack could balloon to $6 trillion globally by 2021. To put that in perspective, if cybercrime were a country, the number would represent the fourth highest Gross Domestic Product (GDP) in the world.

To better understand the costs associated with cybercrime it is helpful to group the expenses in two buckets, direct and indirect.

Read More

How to Install and Configure the SiteLock Plugin (Video Tutorial)

In our Beginner’s Guide to the SiteLock Plugin for WordPress, we showed you the benefits of proactively preventing malware and hacking attempts on your WordPress website. In this video, you’ll learn exactly how to install and configure our plugin and connect it to a SiteLock account.

Read More

WordCamp Jacksonville – A True All Things WordPress Conference

Last week I attended and spoke at the second annual WordCamp Jacksonville. It was my first time attending this camp and it didn’t disappoint. As the title of this post suggests, it seemed there was something for every type of WordPress user, and that’s not always an easy feat to achieve.

Read More

SiteLock Threat Intercept

Threat Intercept: Malvertising via JavaScript Redirects

This article was co-authored by Product Evangelist Logan Kipp.

THREAT SUMMARY

High Threat
WordPress Website Security Threat Level
Learn More

Category: Malvertising / Malicious Redirect

Trend Identified: 5/17/2017

CVE ID: N/A

Trend Name: Trend El Mirage

Vector: Application Vulnerability, Multiple

The threat rating was determined using the following metrics:

Complexity:

MEDIUM: The vector used to infect websites appears to be through the use of leaked compromised passwords.

Confidentiality Impact:

HIGH: This infection provides complete control of the target website, including database content.

Integrity Impact:

HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.


The SiteLock Research team has identified a trend of JavaScript injections causing the visitors of affected websites to be automatically redirected to advertisements without the knowledge of the website owner.

This infection impacts WordPress sites across all versions, but the affected websites identified at this time all show evidence of recent infection by a fake WordPress plugin that performed malicious redirects as well. The previous infections were determined to have been distributed via a botnet using a database of leaked login credentials, suggesting this new attack may similarly be accessing sites via compromised WordPress administrator credentials.

The malicious code becomes embedded into existing JavaScript files in the affected sites, ensuring that the code will be executed in visitors’ browsers regardless of their activity on the site.

The code as it appears in the injected files is obfuscated, which means it’s written in a way that makes it difficult for humans to read. This is the malicious script as it appears in the affected files:

WordPress Malvertising via JavaScript Redirects

Obfuscated JavaScript responsible for malicious redirects.

After decoding this file, we are able to determine the specifics of how it behaves:

WordPress Injected Javascript Malware

Decoded and formatted version of the injected JavaScript.

The redirect takes place immediately after loading a page including the infected JavaScript, after which a cookie is stored in the visitor’s browser called “csrf_uid” that expires three days after being created. The naming of this cookie is an attempt to hide in plain sight, as CSRF (Cross-Site Request Forgery) protection cookies are commonplace in many websites across the internet. While the cookie is active, no further redirects will take place. This provides two benefits to the attacker. First, the ad network will be less likely to identify suspicious behavior and flag the attacker’s account. Secondly, it makes the redirects more difficult to identify and duplicate by the sites’ owners and administrators, decreasing the likelihood that the specific infection will be identified and removed.

What is a website cookie?
Cookies are pieces of data that websites store in your browser for later use. Sites use cookies for a number of legitimate reasons, from storing login sessions to analytics of how users are browsing the site.

Fortunately, despite the nature of these redirects, no malicious activity has been identified in the advertisements themselves, meaning a system infection occurring after these redirects is unlikely.

Because the attack vector of this infection appears to be leaked login credentials from unrelated data breaches, it is very important to ensure that strong password policies are in place on your site. Avoid using the same password across multiple locations to prevent one service’s breach from exposing your accounts elsewhere. If you determine that your data has been part of a publicized breach, change your passwords immediately. Also, consider using a breach checker to identify if your email address has been associated with any public data breaches in the past, as this would be a major indicator that password changes will be necessary for your accounts.

If you are a website owner and you believe your website has been impacted by this infection, contact SiteLock as soon as possible at 855.378.6200. Our SMART scan began rapidly identifying and cleaning instances of this infection within 24 hours of being initially identified.

Read More

SiteLock Unlocked: A Day in the Life of a Website Security Research Analyst

Welcome to SiteLock Unlocked, our new blog series that provides exclusive one-on-one interviews with the awesome team members here at SiteLock. Through this series, you’ll get an inside look at the more personal side of SiteLock. We’ll interview different SiteLock members from various departments to highlight how their dedicated efforts contribute to your website security.

To kick-start our series, we sat down with a member of the SiteLock Research team to showcase what a day in the life as a SiteLock Website Security Research Analyst looks like.

Read More

Page 21 of 62

Powered by WordPress & Theme by Anders Norén