Page 23 of 66

SiteLock

SiteLock INFINITY Wins 2017 Cloud Computing Excellence Award

We are excited to announce that SiteLock®INFINITY™ was recently recognized as a winner of the 2017 Cloud Computing Excellence Awards by TMC’s Cloud Computing Magazine. The Cloud Computing Excellence Awards recognize companies and products that most effectively deliver network security through cloud platforms and provide security for cloud based applications.

INFINITY is a state of the art malware and vulnerability remediation service featuring unique, patent-pending technology. INFINITY combines deep website scanning and automatic malware removal with unrivaled accuracy and frequency. Designed to scan a website from the end-user’s point of view, it catches any trace of malware before the user does.

Websites experience 22 attacks per day on average. That’s more than 8,000 attacks per year, per website, according to recent SiteLock data. SiteLock INFINITY provides always-on, continuous scanning to detect vulnerabilities and automatically remove malware the moment it hits. Once the initial site scan is complete, it scans again to ensure constant surveillance and protection with the highest degree of reliability.

Since 2008, we’ve remained dedicated to “protecting every website on the internet,” and SiteLock INFINITY helps us deliver on this mission.

Thank you to TMC’s Cloud Computing Magazine for honoring SiteLock INFINITY with a 2017 Cloud Computing Excellence Award!

 

How SiteLock Saved a Whale Watchers Website [Case Study]

Company Overview

Hyannis Whale Watcher Cruises is dedicated to providing ‘Cape Cod’s Finest Whale Watching!’ Established in 1989, the company brings more than thirty years of experience to whale watching, with an impressive sighting rate of 99 percent. As the company’s popularity grew, its website was forced to expand from an initial online brochure to a comprehensive resource including whale watching information, trip scheduling and online ticket purchasing. These changes also greatly increased customer reach both nationally and internationally.

Read More

SiteLock Podcast Equihax

Decoding Security Episode 101: EQUIHAX

Nicknamed “Equihax,” the recent Equifax breach is one of the largest data leaks in history, affecting millions of people. There has been a lot of discussion about proper incident response, and whether Equifax is following acceptable procedures.

In the debut episode of Decoding Security, SiteLock Website Security research Analysts Jessica Ortega and Michael Veenstra go beyond the cause of the breach to discuss what consumers can do to protect themselves now. And, even more importantly, what consumers can do to protect themselves going forward.

Listen to Decoding Security Episode 101: EQUIHAX

If you enjoyed this week’s episode, visit Decoding Security on your preferred podcasting service to leave a review and subscribe so that you don’t miss future episodes!

Malware

Apache Struts Vulnerability Found and Patched

A vulnerability was recently discovered in Apache Struts, a popular framework for web-based Java applications, which allows for remote code execution on affected servers and allows for complete control of the application. The framework is commonly used by large, sophisticated organizations such as Lockheed Martin and Citigroup, meaning the vulnerability could affect up to 65% of Fortune 100 companies, resulting in large scale data breaches and private consumer data theft.

Found by lgtm.com security researcher Man Yue Mo, the vulnerability stems from unsafe deserialization of user supplied data to the REST plugin, which allows API access to the Java application. Researchers contacted the Apache Foundation directly, allowing the plugin developers to patch the issue before widespread exploitation. As of this writing, at least one live exploit has been seen in the wild, and a Metasploit module was released.

Apache Struts joins a growing fraternity of widely used applications to see an API vulnerability this year, including WordPress and Instagram. WordPress shared a similar experience where the exploit was discovered before widespread attacks, but many users failed to update and suffered compromise and data loss. The Struts vulnerability is more complicated to exploit which should result in a less dramatic rise in attacks. Regardless, patches should be applied as soon as possible, as a proactive security stance is more effective.

Apache Struts users are urged to upgrade to version 2.3.34 or 2.5.13 respectively, and additional information is provided by Apache on the official struts webpage at: https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.34 and   https://struts.apache.org/announce.html#a20170905.

More sophisticated exploits are likely to occur as this vulnerability is examined. The best option for mitigation is to patch Struts as soon as possible to the recommended versions and regularly check for updates. Website owners should also consider adding a web application firewall and malware scanner to mitigate or reduce the severity of compromise.

SiteLock TrueShield customers are already protected against this exploit. Attempted attacks will be caught and blocked by the TrueShield WAF. If your website isn’t protected, call SiteLock at 888.878.2417 to get TrueShield installed today.

SiteLock Threat Intercept

Threat Intercept: SiteLock Discovers XSS Vulnerability in WooCommerce Extension

This article was co-authored by Product Evangelist Logan Kipp.

THREAT SUMMARY

Low Threat
WordPress Website Security Threat Level
Learn More

Category: XSS – Reflected

Trend Identified: 7/25/2017

CVE ID: N/A

Threat Name: N/A

Vector: Browser/Javascript

The threat rating was determined using the following metrics:

Complexity:

MEDIUM: While initial exploitation is low complexity, weaponization requires action from the victim.

Confidentiality Impact:

MEDIUM: Successful exploitation of this vulnerability could potentially hijack individual browser sessions.

Integrity Impact:

MEDIUM: Successful exploitation of this vulnerability could potentially hijack individual browser sessions.

What is it?

SiteLock recently found a reflected cross-site scripting (XSS) vulnerability in the WooCommerce “Product Vendors” plugin for WordPress. Reflected XSS vulnerabilities differ from persistent XSS in that each attack is completed in the duration of a single session, rather than permanently modifying the impact site. According to the Open Web Application Security Project (http://www.owasp.org):

The variety of attacks based on XSS is almost limitless, but they commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.

 

Who is impacted?

Websites running the WooCommerce “Product Vendors” plugin versions 2.0.35 and older are vulnerable to this exploit. Fortunately, Automattic (WooCommerce’s parent company) patched the vulnerability almost immediately after being contacted by SiteLock. Unfortunately, many site owners do not update their plugins frequently, or at all. If you use Product Vendors for WooCommerce, make sure that you are running the most recent version (v2.0.38 at the time of writing).

 

How was it found?

Our automated scanner alerted us to an XSS vulnerability on a customer’s website, which we determined was due to the WooCommerce “Product Vendors” plugin. What was unusual in this case is that the vulnerable plugin was, at the time, the most recent version, so no patches were yet available for the vulnerability. We immediately contacted Automattic concerning our findings in following our Responsible Disclosure Policy, provided all relevant information on the vulnerability, and coordinated this disclosure.

 

Remediation Steps

The simplest way to fix this vulnerability is to update the plugin to the newest version, which was patched less than a week after the vulnerability was reported. Fortunately for SiteLock TrueShield customers, emergency policy updates were pushed to protect against this vulnerability as soon as it was discovered. However, we still recommend updating WooCommerce Product Vendors to the latest version.

 

Technical details

Overview

WooCommerce Product Vendors is a WordPress plugin which allows eCommerce sites to create a marketplace with multiple vendors, taking commissions from each vendor’s sales. The XSS vulnerability was found in the Vendor Signup form, which can be placed anywhere on the site.

 

Cause

This version of the plugin has a reflected XSS vulnerability because the $_POST parameter for vendor_description, which allows vendors to insert a description of their company, is not properly escaped, allowing arbitrary JavaScript to be executed in a visitor’s browser.

 

Reproduction Steps

In this case, the issue was reproduced using the below cURL request, and verified when the output showed the unaltered script.

Exploitability

$_POST parameter XSS vulnerabilities are often underestimated because it’s not possible to exploit them by directly sending a victim to the vulnerable URL. This difficulty is easily circumvented by first directing the victim to an attacker-controlled form that uses JavaScript to submit itself. As $_POST parameters are not directly visible in the URL, this also hides any suspicious parameters that would appear in a $_GET exploit. Additionally, as $_POST requests do not have the same character limit as $_GET requests, a larger payload can be delivered.

Note: It is also possible to craft a data:// URL that includes a self-submitting form, negating the need for the attacker to control another site. However, many browsers impose a length limit on data URLs, and data URLs are unusual enough to elicit suspicion in a potential victim.

 

Impact

As with all reflected XSS vulnerabilities, the impact depends on the ingenuity of the attacker. Reflected XSS allows an attacker to take control of the victim’s browser for as long as the tab is open on the vulnerable site, and victims are far more likely to leave a tab open on a site that appears to be legitimate. Stealing credentials, hijacking sessions, or exfiltrating payment information entered on the vulnerable site may also be possible, depending on the site’s configuration and the security measures in place.

 

Remediation

If updating to the latest version is not possible, this vulnerability can also be patched by escaping the $_POST[‘vendor_description’] parameter on line 61 of wp-content/plugins/woocommerce-product-vendors/templates/shortcode-registration-form.php using the esc_attr() WordPress function.

 

WordCamp Denver 2017 – WordPress Knowledge Stacked a Mile High

Last week we found ourselves in Denver, CO for another amazing WordCamp. We sponsored the event as part of our global sponsorship program, which also included table space that gave us ample opportunity to meet existing SiteLock customers and explain our website security services to those new to the WordPress community.

Read More

What Kind of WordPress Are You?

The WordPress software has come a long way since its humble beginning in 2003. I can’t imagine that Matt Mullenweg and Mike Little had any idea how much their fork of the b2 cafelog blogging platform would grow, let alone establish a worldwide community of users.

I consider myself lucky to have found WordPress in early 2005, just over a year after its creation. In the almost twelve years since that time, I’ve held  many different WordPress titles and have transformed the way I’ve used it. There are different meanings of the word “users” when it comes to WordPress, and in this post I’m going to discuss some of those definitions.

Read More

5 Best Places to Find WordPress Help

Whether you’ve just started using WordPress or have been an avid user for years, it’s likely that you regularly come up with specific questions on how to fix or improve your website or blog. In this post, I’ll detail my top five favorite sources for finding WordPress help.

Read More

SiteLock

Neill Feather Named One of the Phoenix Business Journal’s Most Admired Leaders

We are thrilled to announce our president and co-founder, Neill Feather, has been recognized as a Most Admired Leader by the Phoenix Business Journal. Neill’s overwhelming contributions to the company, community and industry as a whole have earned him a spot on the publication’s exclusive list.

“It’s a great honor to be included in this year’s list of Most Admired Leaders,” said Feather. “At SiteLock, we have worked hard to strengthen ties between our company and community, so it’s very rewarding to see our efforts pay off.”

Read More

WordCamp Minneapolis / St. Paul 2017 – Double the Fun

I’ve just returned from WordCamp Minneapolis / St. Paul, and what a camp it was! This year’s event was held at the Humphrey School of Public Affairs and Hanson Hall buildings at the University of Minnesota West Bank.

An impressive 450 attendees descended on the Twin Cities to learn and share all things WordPress. If you look close at the image below, you’ll see two planes in addition to the one I was on, all landing in Minneapolis. I’d like to think there were some other excited WordCampers coming in at the same time as my own flight.

SiteLock was among the 450 attendees, and we also  sponsored the event. We were there in full force with copious amounts of swag and a $200 Amazon gift card for our raffle.

Read More

Page 23 of 66

Powered by WordPress & Theme by Anders Norén