We are excited to share that SiteLock has been named to the 2017 Gartner Magic Quadrant for Application Security Testing for the second year in a row! Designed to analyze and test applications for security vulnerabilities, application security testing (AST) is growing faster than any other security market, according to Gartner.
Page 24 of 62
Fake plugins and extensions are a favorite, and particularly sneaky, way to inject malicious content into popular CMS platforms. Fake plugins disguise their malicious intent by mimicking the form and function of legitimate plugins. We will discuss a not-so-well-known fake Joomla! extension, what it does, and what you can do to protect your site from such attacks.
A series of internal CIA documents released Tuesday by WikiLeaks serve as a reminder that any computer, smartphone or other device connected to the internet is vulnerable to compromise.
The 8,761 documents detail a CIA hacking program with 5,000 registered users that produced more than a thousand hacking systems, Trojans, viruses, and other “weaponized” malware. The scale of the program was so massive that by 2016, its hackers had utilized more code than what is currently used to run Facebook.
In Part One of our #AskSecPro series on WordPress Database Security, we learned about the anatomy of WordPress. Now that we have a firm understanding of the role the WordPress MySQL database plays in a WordPress installation, we can take a look at the various ways an adversary can exploit the mechanisms involved. We’ll also explore some of the ways to defend your database against compromise.
Over the last few days you may have heard the term #Cloudbleed thrown around the water cooler. Some of the questions our customers are asking us include, “What is Cloudbleed?” and “Am I protected from Cloudbleed?” As your resident Security Professional, I’ll be glad to help you to understand what the Cloudbleed buzz is all about and how it may impact you.
— First, I want to be very clear that the Cloudbleed bug does NOT impact SiteLock TrueShield™ WAF/CDN. More below.
We are excited to announce that SiteLock has been named one of the 2017 100 Best Companies in Arizona by BestCompaniesAZ! Even more exciting, we’ve been recognized in the category “Best of Cool,” which honors Arizona’s top organizations that create strong, unique corporate cultures and promote creativity and innovation.
We are lucky to have an excellent team of dedicated individuals who work hard to support the growth and success of our company. Our open working environment offers lots of transparency and employee freedom to share ideas and challenge the status quo. We operate under a true open-door policy and try our best to ensure our employees enjoy coming to work each day.
This month we’ve seen WordPress websites bombarded with defacements and remote code execution attempts by abusing a vulnerability in the WordPress REST API. As could be expected, compromises motivated by financial gain have now made their debut through the same vector. This most recent flavor of defacements focuses on driving traffic to a rogue pharmacy website, where the visitor is encouraged to purchase — you guessed it, “authentic” erectile dysfunction medication.
Dan Karr is the founder and CEO of ValChoice.com, a company with a mission to “give every consumer in America a free analysis of their insurance company.” After an awful car accident, Karr was unable to recover almost $100,000 worth of medical expenses from his health and auto insurance companies. As a husband and a father of three, the financial strain put pressure on his entire family. “After that experience, I vowed to prevent this from happening to any other family by leveraging my technology background to bring transparency to the insurance industry,” said Karr. That’s when ValChoice.com was born.
ValChoice.com provides its customers with a detailed, easy-to-understand analysis of the value, protection and services that insurance companies offer. As the company website states, ValChoice.com is “an independent, unbiased and trusted source of information about insurance companies.”
In the continuing saga of the WordPress REST API vulnerability in WordPress 4.7 and 4.7.1, SiteLock has identified that at least one hacker has launched a campaign specifically attempting remote code execution (RCE) on WordPress websites. The attacks aim to take advantage of WordPress websites using plugins that enable PHP to run inside of posts. If successful, the attack injects a line of code that ultimately downloads a series of malicious files from a Pastebin repository. These malicious files are used to install backdoors and automatically steal information from websites. When unsuccessful at remote code execution, the attack overwrites existing posts and leaves behind PHP shortcode.