This week we look at file timestamps, what they are, what they mean, and how bad actors can use them to their advantage when compromising sites. Timestamps can be a good clue as to what happened if a site was compromised. But are timestamps foolproof? Let’s find out what they are and see.
Page 48 of 62
Hacks are bad. A website compromise is serious, and at SiteLock we see a lot of compromised sites and malicious code. Malicious code is constantly evolving to avoid detection. Adversaries use a large number of strategies to avoid detection, and comedy happens to be one of them.
Since hackers try everything they can think of – pop culture references, internet memes, irony – to disguise malicious code, we’ll dive into the strange and weird to show you how far adversaries will go…
October is Cyber Security Month and it’s a good excuse to assess your web applications and website security before the holiday season.
Few things pose as much risk as an attack aimed at your website. Consider the impact of data breaches to Target, Home Depot and, most recently, Experian and the American Bankers Association. It seems that not a week goes by without a new massive breach making headlines.
While organizations often think of protecting their network, website security is often overlooked, leaving a massive vulnerability open to exploitation. How can you ensure your web applications and website are safe? Use these five tips to make sure your security is where it needs to be:
As SiteLock continues to innovate and push the boundaries of web site protection, we’ve invested in and grown our security research team to provide new capabilities and content for customers and the security community at large.
This week, we will discuss what the SiteLock Research Team is, the team’s mission, and provide an overview of the team’s emerging efforts, as well as where to find and how to interact with the team.
In this week’s post, we take a look at “in-the-wild” phishing attacks and talk about how to counter them. Protecting yourself from phishing and malware attacks is not only important, it’s a fundamental Internet survival skill, made even more essential if you have a web presence you depend on. A compromised workstation could lead to compromised credentials, ultimately leading to complete control of your website by bad actors. We don’t want that.
We’re kicking off a new blog series here at SiteLock, to share some of the insight we gather every day removing malware from websites. This series will be geared toward folks interested in learning more about the web application security landscape. In this space, we’ll cover various topics each week – everything from CMS security to malware, to vulnerabilities and best security practices.
Insights On Malware Campaigns
One of the interesting things about tracking malware campaigns is their changing behavior as the campaigns shift to different targets, employ new tactics to evade detection, and propagate new malware, based on the changing economics of the campaigns.
Below is an example we have seen take shape and evolve over the past few weeks that should give readers an example of how these changes occur and what is going on behind the scenes of a large-scale malware attack campaign.
Last week, the U.S. Department of Justice released a report that revealed some weaknesses in Next Gen Cyber, The Federal Bureau of Investigation’s cyber security program begun in 2012. Next Gen Cyber originally has a budget of $314 million and a total of 1,333 full-time jobs (including 756 agents), while the DOJ also asked for an $86.6 million increase in funding for 2014 to support this Initiative. The FBI had in total 52 open positions of the 134 computer scientists it was authorized to employee under the Initiative.
FCA US LLC, formerly Chrysler Group LLC, announced on Friday that Fiat Chrysler will recall 1.4 million vehicles in US to install software to prevent hackers from gaining remote control of the engine, steering and other systems. According to federal officials, this is the first such action of its kind. This announcement was made several days after cyber security researchers succeeding in using a wireless connection to turn off a Jeep Cherokee’s engine as it drove. The National Highway Traffic Safety Administration also said on Friday that it would investigate whether FCA’s solution to upgrade software was enough to protect consumers from hackers.
Viruses used to be the only website security issue that companies worried about. With cyberthreats increasing in variety, protecting your website is no longer about installing a basic firewall. You also need to consider the necessary add-ons in all the right places to develop a multi-layered security plan.
Add-Ons That Help Website Security
To help you start your own deployment, below are three non-firewall add-ons that you should have in order to develop a comprehensive website security plan.
Last week, hackers broke into UCLA Health, the hospital network of the University of California, Los Angeles,acquiring access to database with sensitive records of 4.5 million people and potentially affecting four hospitals and 150 offices across Southern California. According to the university, the potential breached information included names, medical information, SSN, Medicare numbers, health plan IDs, birthdays and physical addresses.The network made this announcement two months after the data breach was discovered. The hospital group is now offering affected staffs and patients one year of identity theft recovery services.