Page 48 of 63

how to prevent security breaches

This Week in Exploits: What Are XSS Vulnerabilities? Part 2

In last week’s “episode” of ‘This Week in Exploits’, we talked about Cross-Site Scripting (XSS) and specifically reflective XSS vulnerabilities, the most common type of XSS flaw. We now know roughly what a XSS attack is, and some of what a reflected XSS attack does, but why do XSS attacks exist? How can they be used?

 

Read More

We’re Going to WordCamp U.S.!

2015.us.wordcamp.org

#wcus

 

eCommerce website security

It’s the Most Wonderful Time to Secure Your eCommerce Website

The holiday season is a busy time for online retailers and other ecommerce websites. Unfortunately, it’s also prime time for cybercriminals to attack. As you prepare for the uptick in traffic, don’t let an oversight make you vulnerable to a breach. Instead, get ahead securing your ecommerce website by knowing what to expect.

Anticipate an Attack

Cybercriminals assume that retailers are caught up in the holiday shopping frenzy and will use this opportunity to take advantage of lax security. Anticipating their behaviors can help mitigate risk and prevent an attack.

 

Read More

XSS vulnerability - cross-site scripting

What Is An XSS Vulnerability? Part One

In the world of websites, hackers have a variety of tools to intrude on people’s domains. These hacks, which take advantage of vulnerabilities in a site’s code, are categorized by projects like the OWASP Top Ten.

According to the OWASP assessment, the top three most common attacks are:

  • Injection
  • Weak Authentication and Session Management
  • Cross-Site Scripting (XSS)

 

As new vulnerabilities are discovered, we still can see that a large portion of these vulnerabilities are XSS-related vectors.

Read More

SiteLock is One of the Fastest Growing Companies in Deloitte Fast 500

SiteLock Deloitte 2015 fastest growing companies

SiteLock is proud to announce that we’ve been named one of the fastest growing technology companies in North America in the recent Deloitte Technology Fast 500 list! We officially rank number 85 with a 1046 percent growth between 2011 and 2014. In addition, we were also ranked as the number one fastest growing technology company in the state of Arizona.

 

Read more about this prestigious award and see the list in its entirety.

browser-security

How Browser Security Can Help Website Security

Modern browsers are more than programs used to peruse the web. Browsers are tools used to communicate, develop, conduct financial transactions, and interact with government agencies.

This week we will discuss browser security, and how it can impact website security. As a website is the portal to a company’s online presence and resources, a browser is the entryway into a user’s workstation computer and the data within.

Just How Important Is Browser Security?

The link between browser security and website security is not conflated. Here at SiteLock, we’ve seen many sites compromised through stolen FTP credentials, and entire company file stores lost to ransomware.

Browsers were the likely point of entry of these compromises.  Every website owner and web developer is sure to use a browser, most likely multiple browsers, to access the website hosting or accessing site files and credentials.  Again, the browser is the portal from the open web to the workstation.   Below, we’ll cover the steps necessary to better secure this entry point.

 

Read More

black friday cyberattack

Black Friday: The Time for Closeouts, Rollbacks and Cyberattacks

Black Friday is one of the most anticipated shopping days of the year. Shoppers are up at the crack of dawn to hit their favorite stores. Some will go as far as to camp out at the stores offering the hottest deals while others will avoid the malls altogether by finding the best sales online. Nearly 100 million Americans are expected to take advantage of Black Friday discounts this year. However, these shoppers aren’t the only ones who have been waiting for Black Friday; cybercriminals are just as excited for this big shopping day. Securing your website for the holiday season is one of the best things you can do for your business and your customers.

Read More

website hacked - malware code

Why Was My Website Hacked?

When talking with customers whose website have been hacked, our support teams often hear the question, ‘Why was my website hacked?’ Getting hacked is a violation. It is a violation of a company’s web properties, or the personal violation of someone’s small business or specialty site. Having the hard work of web development undone, even temporarily, is a difficult experience and SiteLock strives to restore that work as quickly as possible. Our teams are dedicated to this.

Most Website Hacks Are NOT Personal

This week we’re here to reassure readers that the majority of compromises are not targeted attacks. We will discuss how and why bad actors attack sites, and how to avoid becoming another line in an attacker’s text file of owned sites.

 

Websites are fish in the sea of the Internet and get caught up in the scanning nets of malicious actors.

Read More

eCommerce website security

Don’t Get Hit With a Cyberattack This Holiday Season

Consumers have endless choices of where to shop this holiday season and your store – whether brick & mortar or online— must stand out. A well-designed, easy to use website is critical in cutting through the clutter to attract holiday shoppers and drive them to make a purchase. However, it’s important note that the same features you use to improve your user experience and retain customers can also leave your website vulnerable to a cyberattack and pose a significant threat to your business. Learn what we mean by this…

Read More

Injected JavaScript

JavaScript Malware Injected Into WordPress Themes

The SiteLock support teams are always encountering new types of malware.  This week we’ll discuss a recent infection of WordPress theme files, header files specifically, brought to our attention by SiteLock’s Security Concierge, or SECCON, Team.

Where Was This New Malware Discovered?

SECCON notified the research team of what seemed to be a new JavaScript infection found in WordPress theme header.php files, like wp-content/themes/twentyfifteen/header.php. The infection consists of two lines of identical JavaScript injected into the header file, targeting the closing tag.

 

Sample malware infection

Sample Infection

Read More

Page 48 of 63

Powered by WordPress & Theme by Anders Norén