Page 24 of 64

Malware Removal

How Website Vulnerabilities Are Getting Your Site Hacked

We all know someone who’s been in a difficult position following a security breach. They are rushing to assess the damage, while simultaneously repairing website functionality to limit the compromise. It’s a stressful situation, especially if you’ve had to deal with a compromise more than once. Unfortunately for some website owners this is a reality — shortly after the initial security breach, the website becomes compromised again. It leaves the website owner asking why their website is being targeted and how the website re-infection is happening.

The short answer is that it’s most likely due to unresolved website vulnerabilities. While it may seem like you’ve been singled out and targeted by some menacing hackers, most of the time that isn’t the case. The majority of website compromises are preceded by automated campaigns that locate websites vulnerable to a particular exploit the hacker wishes to employ. The bottom line is, you aren’t the target that the hacker is singling out, it’s the software on your website. There are a couple main culprits for this scenario.

Read More

website security

What is a Website Vulnerability and How Can it be Exploited?

Websites experience 22 attacks per day on average— that’s over 8,000 attacks per year, according to SiteLock data. A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets. Cybercriminals create specialized tools that scour the internet for certain platforms, like WordPress or Joomla, looking for common and publicized vulnerabilities. Once found, these vulnerabilities are then exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable site.

Read More

SiteLock Threat Intercept

Threat Intercept: Passwords Publicly Exposed by Malware

This article was co-authored by Product Evangelist Logan Kipp.

THREAT SUMMARY

High Threat
WordPress website security threat level
Learn More

Category: Shell / Information Disclosure

Trend Identified: 4/20/2017

CVE ID: N/A

Trend Name: Trend Tusayan

Vector: Application Vulnerability, Multiple

The threat rating was determined using the following metrics:

Complexity:

LOW: The vectors used to infect websites appear to be well-documented vulnerabilities in older versions of website platforms.

Confidentiality Impact:

HIGH: This infection provides complete control of the target website, including credential disclosure and database contents.

Integrity Impact:

HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.

The SiteLock team has discovered a dangerous malware trend that not only provides website administrator level access to the bad actors involved, but exposes sensitive website credentials publicly over the internet.

Read More

Ask a Security Pro: What Is Encryption?

Over the last year I’ve led a multitude of security workshops aimed to educate entry-level WordPress users about website security. Some of the questions I regularly field in these workshops are related to the mechanics of SSL certificates, and their role in protecting website data from prying eyes. As you may know, the installation of an SSL certificate on a web server allows the server to accept traffic on the hypertext transfer protocol (secure), or simply ‘HTTPS,’ the primary form of encrypted data transfer between websites and visitors. I’d like to share the answers to some of the most frequently asked questions I’ve had on the subject.

HTTPS and SSL Certificates

SSL is the Armored Truck

The first thing I’d like to clarify on the subject of HTTPS and SSL certificates specifically is that the use of SSL certificates and HTTPS do not in any way, shape, or form protect the data on your website itself. HTTPS encrypts data in transit only. Neither does it protect data resting on visitors’ computers. You should consider HTTPS the armored truck of websites, not the bank vault. It acts as the protection against adversaries while data travels from point ‘A’ to point ‘B’.

Read More

PressNomics 2017 – Remaining Steadfast

Last week the SiteLock team gathered at the Tempe Mission Palms to attend and sponsor PressNomics. If you’re not familiar, PressNomics is a conference focused squarely on entrepreneurs and influencers who are committed to the WordPress community.

Read More

WordPress Auto Login and Obfuscated Code

Malware comes in a great deal of unique shapes and sizes.  Most people know someone who has had the misfortune of an infected computer at some point. Ransomware, trojans, and viruses that affect consumers’ physical devices are generally built with compiled code, which means you can’t easily “take a look under the hood” to get a solid idea of how it works.

The types of malware we work with at SiteLock behave a little differently, however. The web-ready files we encounter most frequently are written in Interpreted Languages like PHP and JavaScript. This means that the files involved contain plain, human-readable code, allowing anyone who understands the language to see what the files do.

Read More

SiteLock Website Security Video

How SiteLock Works With Your Hosting Provider [Video]

At SiteLock, we partner with the largest hosting providers around the world to secure more than 6 million websites. In speaking with all of our customers, we often get asked, “What is the difference between the security provided by my host vs. the security provided by SiteLock?”

It’s important to understand that your website isn’t entirely protected by your hosting provider, and despite being hosted in a secure server environment, your website is still at risk of cyberthreats without the proper website security.

Read More

WordCamp San Diego – Kind of a Big Deal

This past weekend we found ourselves at WordCamp San Diego… and it was classy. This came as no surprise as the WordCamp theme was “Stay Classy,” a line taken from the comedy gem Anchorman set in the same city. SiteLock was a Gold sponsor (classy!) and along with our seasoned WordCamp goer Adam Warner, our own Web Security Consultant Managers, JC Bustillos and Evan Richardson, also attended the event.

Read More

SiteLock Threat Intercept

Fake WordPress SEO Plugin Provides Backdoor Access

We recently discussed a particularly sneaky piece of malware that’s been disguising itself as fake plugin and targeting Joomla! users. While this phenomenon is not unique to the Joomla! content management system, SiteLock has discovered a recent trending fake plugin for WordPress, one of the world’s largest open source applications.

Read More

Page 24 of 64

Powered by WordPress & Theme by Anders Norén