Page 53 of 64

XSS Vulnerability Found In WP Super Cache Plugin

A cross-site scripting (XSS) vulnerability was recently revealed in the WordPress caching plugin, WP Super Cache.

What Does The WP Super Cache Plugin Do?

WP Super Cache converts dynamic WordPress pages into static HTML. This creates pages that are quicker to serve to visitors than a database-generated page. Great for high-traffic sites, WP Super Cache’s popularity has garnered over a million downloads.

SiteLock President Named to Prestigious Online Trust Alliance’s Board

SiteLock announced today that its president, Neill Feather, has joined the board of the Online Trust Alliance (OTA), a leading non-profit organization dedicated to building online trust.

“SiteLock’s mission aligns perfectly with that of the OTA, so it is a pleasure for me to join its board and forward both our organizations’ goals,” noted Neill Feather, President of SiteLock. “SiteLock and the OTA are strong proponents of educating businesses and, collectively, we hope to share best practices and thwart the rising number of dangerous and malicious cybercriminal efforts.”

OTA’s 2015 Data Protection and Breach Readiness Guide

The Online Trust Alliance (OTA) recently released its 2015 Data Protection and Breach Readiness Guide, now in its seventh consecutive year. The guide gives businesses prescriptive advice to help optimize data privacy and security practices to prevent, detect, contain and remediate the risk and impact of data loss incidents and breaches.

SiteLock and Web.com Group Announce New Partnership

SiteLock announced a partnership with Web.com earlier today. Web.com will now offer SiteLock’s suite of website security products to customers who sign up for its hosting plans.

Hosting customers of Web.com, including Network Solutions and Register.com, will be offered options for bundled packages of SiteLock’s security services, which include daily website scanning and automatic malware removal along with the TrueShield™ web application firewall, which protects websites from malicious traffic and blocks harmful requests.

Don’t FREAK: Key Facts About the Latest OpenSSL Vulnerabilities

FREAK (Factoring Attack on RSA-EXPORT Key) is one of the latest web security threats to go public. It works by weakening users’ encrypted connections on SSL and TLS, allowing a hacker to intercept and decipher data.

The threat affects mostly mobile device browsers, such as Apple’s Safari and Android device browsers, but it also affects older versions of OpenSSL including 1.0.2, 1.0.1, 1.0.0 and 0.9.8. Version 1.0.2 of OpenSSL has been classified under a “high” severity of vulnerability.

Malware Decoded: How SiteLock Cleans Infected Websites

Identifying and cleaning malware is part of our everyday life here at SiteLock, and we know for many website owners cybersecurity can be an intimidating topic. That’s why we thought we’d share a simple case of what a common infection looks like, and demonstrate how SiteLock finds, fixes, and prevents malware.

During a malware clean of a new customer’s site, we found some simple, well-known malware — a perfect example for an introductory post on malware. The site was compromised through an arbitrary file upload, and malicious code was ultimately injected into the index of the site. Likely an automated process, the code was injected before the closing </body> tag.

How to Lose a Customer in Four Seconds

Remember the days when you could stop to make your morning coffee while waiting for a website to load? How about the times you wondered if your Internet was down because a picture took more than a few minutes to render? In the time it’s taken you to read this beautifully crafted intro, some websites will have lost precious traffic because their load time was over four seconds. Customers will wait — at most — 15 seconds, then leave your site and never come back. This may not seem like a big deal, but it has fiscal impacts on businesses of all sizes. Research by Kissmetrics revealed that even a one-second page delay could potentially cost businesses $2.5 million in sales every year.

SQL Injection Vulnerability In Yoast WordPress SEO  

This past Wednesday, Yoast, makers of one of the most popular WordPress plugins, WordPress SEO by Yoast, disclosed a blind SQL injection vulnerability that can be exploited against authenticated users given a successful cross-site request forgery (CSRF) attack.

What are blind SQL injection and CSRF, how can the WordPress SEO vulnerability affect your site, and what should you do about it?

The State of Cybersecurity in March 2015

Protect your website from hackers and cybercrime.

With the shortest month of the year now in the books, it’s time to look at the top trending cybersecurity stories for March. Below are our picks for the top three security stories you should be reading this month:

The Latest FREAKy Web Security Bug

A new web security bug was discovered recently, leaving some Apple and Google device owners vulnerable to attack when visiting “secure” websites. It’s called FREAK (which stands for Factoring Attack on RSA-EXPORT Key), and works by weakening encrypted connections on SSL and TLS, which in turn allows an attacker to intercept and decipher the “secure” data.

Apparently the security flaw has been around for more than 10 years, but a fix is quickly on the way. Not to fear, SiteLock TrueShield customers are protected from this vulnerability. Learn more about FREAK here on PCMag.

Uber Finally Admits Data Breach

Almost a year later, on-demand taxi service Uber has announced that over 50,000 of its drivers’ personal information was stolen in May 2014. The cause? Apparently an unauthorized third party gained access to Uber’s database. The hack was patched back in September, and Uber has provided one year of free credit monitoring to affected drivers. Learn more about the cybersecurity breach here on The Drum.

The Rise and Fall of Superfish

Did you know that Superfish was once a promising and rapidly growing Silicon Valley startup? It ended up striking a deal with PC manufacturer Lenovo to have its software installed on Lenovo’s consumer PCs. Little did the public know, the Superfish software was logging the online movement of its users and hijacking online security systems, as revealed by a security researcher early this year.

The results were catastrophic, and Lenovo went into damage control mode. The company eventually released Superfish uninstaller software, but by then a lot of damage had been done. Unfortunately, you don’t always know what you are getting when it comes to free software (“freeware” as it’s been coined recently). You can check out more info on the story here.

Stay Out of the News

No one wants to be featured in a headline about the latest data breach. Explore the comprehensive, cloud-based security solutions offered by SiteLock.

Benefits of a Website Malware Scanner

Consider this scenario: You’re the VP of IT for an insurance company. It’s 4 a.m. and you receive a frantic phone call from your CEO who informs you that sensitive client information (credit card numbers, SSNs) has been leaked. Completely stunned, you look for answers. Turns out someone injected a line of malicious script into your website source code… nearly two months ago.

A recent report from PandaLabs suggests that “there were twice as many malware infections in 2014 compared to 2013” and that 2015 could be even worse. Today’s attacks are becoming increasingly sophisticated, and a simple malware injection can compromise your entire database.

One of the most effective and efficient ways to prevent attacks is by employing a type of website scanner. Website scan tools run in the background and can immediately identify malware and vulnerabilities, but not all scanners are created equal. External malware scanners crawl each page of a site, much like a search engine, and look for malicious links or script, while internal malware scanners download a site’s source code and analyze each line looking for the signatures of malicious code. Finally, penetration testing scanners manipulate URLs and forms to attempt to exploit weaknesses in code.

Benefits:

  • Identify malware and receive notifications if issues are found, helping keep your information secured and your website from being blacklisted
  • Automatic remediation of known threats
  • Ensure network security by checking ports on your server to make sure only appropriate visitors gain access to your website
  • Monitor FTP and file changes to provide you with full visibility of website changes
  • Protect your database from SQL injections by probing your website for weaknesses

Companies should be cautious when making purchase decisions for a scanning product, as poorly performed scans can negatively impact your site’s ability to conduct business. For instance, some scanners submit thousands of requests to web forms, such as contact forms, to probe for weaknesses. Similarly, poorly designed vulnerability tests can spam your inbox with testing emails and impact the performance of your website due to unnecessary load (similar to DDoS).

SiteLock INFINITY is a safe and efficient solution that provides well-designed and continuous scanning, including the only automatic detection and removal in the industry. For an added layer of security, the SiteLock TrueShield Web Application Firewall (WAF) prevents malicious traffic from even getting in. Active website scanning tools and a WAF will help mitigate cyber attacks, and more importantly, protect your customers’ valuable data. For more information on integrating these solutions into your existing website call 855.378.6200.

 
