Cybersecurity Report: June 29, 2015

Hackers Ground Polish LOT Airline Flights

LOT, the Polish national airline, announced on Sunday that it had cancelled 10 flights because of a cyber attack on the ground computer systems at Warsaw’s Okecie airport. The attack took down LOT’s ground computer systems for 5 hours, during which 10 flights were cancelled, affecting over 1,400 passengers bound for Dusseldorf, Hamburg, Copenhagen and several domestic destinations within Poland. LOT stated that no flights in progress or other airport computer systems were affected, and that flights already in the air and scheduled to land at Warsaw were at no risk.

US to Raise Breach of Government Records at Talks with China

This Monday, the United States began its annual security talks with China, and an official said that the US representatives would raise the major data breach at OPM directly during the discussion. Before the talks, China had openly denied involvement in the break-in, but Obama administration officials said they were increasingly confident that China’s government, rather than independent hackers, was responsible. The talks covered topics including cyber security, maritime security, military relations, missile defence, nuclear policy and space security, and were followed by a two-day Cabinet-level discussion on security and the economy starting on Tuesday.

Popular Security Software Came Under Relentless NSA and GCHQ Attacks

According to Edward Snowden, the National Security Agency and the British Government Communications Headquarters have worked to subvert anti-virus and other security software in order to track users and infiltrate networks. The two agencies were alleged to have reverse engineered software products and monitored web and email traffic to thwart anti-virus software and to gather information about security software and its users. The Moscow-based security vendor Kaspersky Lab received especially close examination: both the NSA and the British agency studied Kaspersky Lab’s software for weaknesses and obtained sensitive customer information by monitoring the software’s activity.

WikiLeaks: NSA Snooped on French Leaders

According to Wikileaks, the whistleblower website, the US National Security Agency (NSA) spied on French Presidents Jacques Chirac, Nicolas Sarkozy and Francois Hollande between 2006 and 2012. Wikileaks began publishing the files under the heading “Espionnage Elysee” on Tuesday. The files were said to derive from NSA surveillance that directly targeted the communications of multiple French leaders. It is unclear whether the material comes from the data taken by former NSA contractor Edward Snowden. Wikileaks carried a statement by its founder, Julian Assange, who said: “The French people have a right to know that their elected government is subject to hostile surveillance from a supposed ally.”

Almost Half of Leading Websites Fail Security and Privacy Tests

The non-profit Online Trust Alliance (OTA) conducted a study that audited 1,000 websites, including those of 50 leading Internet of Things device makers as well as leading retailers, banks, social media, news outlets and government bodies. According to the survey, 46% of the audited websites were found vulnerable to known online security threats and 76% failed the security assessment, while only 20% scored highly enough to qualify for the OTA’s Online Trust Honor Roll. The OTA evaluated the websites on criteria in three main categories: consumer protection, privacy and security. Twitter topped the overall ratings for the third year in a row.

Cybersecurity Report: June 23, 2015

Cybersecurity Pros Warn Against Insider Threats

A recently released Insider Threat Report collected data from over 500 cybersecurity professionals to examine industry efforts against insider threats. According to the report, although insider threats have risen over the last 12 months, organizations are not yet fully prepared for them. The report also examined which user categories pose the largest threat, the most vulnerable applications and data, common launch points for attacks, budget trends and more.

White House pushes ‘30-day Cybersecurity Sprint’ after massive breaches

Last Friday, the White House launched a new security program, dubbed the “30-day Cybersecurity Sprint”, to strengthen cyber security practices across the government and to encourage agencies to take specific initiatives over the next month to improve the protection of sensitive information and prevent future attacks on federal systems. These initiatives include fixing cybersecurity vulnerabilities, tightening policies and practices for privileged users, and implementing multi-factor authentication, among others.

Cybersecurity Threats Plague Energy Groups

At an energy conference held by the Wyoming Infrastructure Authority, Michael Bobbitt, a supervisory special agent with the FBI, stated that the energy industry faces significant threats from hackers, from groups intent on stealing proprietary information, and even from terrorists. The energy industry should pay special attention to hackers interested in stealing intellectual property, such as a proprietary way to drill a well. Hackers could also manipulate corporate equipment remotely and cause real-world physical damage. To prevent this, energy companies should invest more effort in protecting data from both external and internal threats.

Cardinals Investigated for Hacking Into Astros’ Database

Employees of the St. Louis Cardinals are under investigation by the FBI and the Justice Department over allegations of hacking into the Houston Astros’ databases to steal player information and track player development. Subpoenas have been issued to the Cardinals and Major League Baseball for electronic correspondence. This would be the first known case of corporate espionage in which a professional sports team hacked the network of another.

Uber’s Petition Website Hacked To Redirect To Lyft Homepage

Over the weekend, cyber security researcher Austin Epperson exploited a vulnerability in Uber’s petition website and leveraged it to change the content of some petitions and redirect visitors to Lyft’s homepage. The researcher then warned the company to be more cautious when using petition websites, since they might be vulnerable to malicious hackers. Both Uber and Epperson stated that customer information was never at risk.

Cybersecurity Report: June 16, 2015

Senate Rejects Measure to Strengthen Cybersecurity

Several days after a major breach of the personal information of federal employees, the Senate rejected a cyber security measure on Thursday. The rejected bill would have encouraged private companies to voluntarily share information about hacking attacks with the federal government to prevent future data breaches. The vote was 56-40, four votes short of the 60 needed to move ahead on the legislation. Many Democrats voted against the bill, mainly because it was tacked onto a sweeping defence bill, which many Democrats oppose and President Obama has threatened to veto.

None of US is Safe: Major Cybersecurity Company Hacked

Moscow-based cyber security company Kaspersky Lab announced on Wednesday that its systems had been attacked, most likely by hackers working on behalf of a country. The company did not name the country it believed carried out the attack, but did not rule out the possibility that the hackers were from Israel, the United Kingdom or the United States. The attack focused mainly on Kaspersky’s own systems and intellectual property, so its customer information was unaffected. Kaspersky has already fixed the hole that allowed the attack and published an explanation on its website addressing the likely reason for the attack, the techniques used by the hackers and other questions.

Cybersecurity Spending Set to Explode

According to a new report from MarketsandMarkets, the increasing need for cybersecurity services will propel the value of this market to $170 billion by 2020. The growth will be driven mainly by the increasing use of mobile devices, the web, social media, the Internet of Things and more. The growing popularity of BYOD policies is another major factor pushing companies to improve their security deployments. Going forward, companies are looking for integrated solutions customized to their specific needs.

Hospital Drug Pumps are Hackable, Experts Warn

According to cybersecurity experts, hospital drug pumps produced by Hospira, a leading medical supplier under Pfizer, could be hacked because of security vulnerabilities. Although the company stated that it had been working with the Department of Homeland Security and the Food and Drug Administration to investigate the issue, flaws remained in Hospira’s information systems. The main vulnerability stemmed from Hospira using outdated software and shipping identical encryption certificates, private keys and service credentials across many of its products.

Syrian Group Claims Responsibility For Hack of U.S. Army Website

Hackers with the Syrian Electronic Army (SEA) claimed that they hacked the official website of the U.S. Army on Monday and posted a message saying “Your commanders admit they are training the people they have sent you to die fighting”. The Army website was then taken down temporarily to prevent further data breaches. This was not the first time the SEA hacked US websites: it briefly shut down the Washington Post’s mobile site earlier this year and hacked the Twitter account of the AP to announce that the White House had been attacked.

CAPTCHA That Form

Don’t you love the feeling of customer inquiries in your morning inbox? So much interest in your site! You look closer at the emails and find they’re all from Michael – Michael Jordan, Michael Kors, Michael Vuitton – well, Louis Vuitton, but you get the point. Somehow, spambots found your form and blindly barraged your inbox with handbag and sneaker spam, or worse, adult content. How do you, a busy business owner, stop the spam while allowing legitimate requests? The good news is that you have a couple of options – one is easy and the other, even easier.

The first is to implement a CAPTCHA on the form. A CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a small test that is simple for humans to pass yet difficult for computers. Google’s reCAPTCHA is a popular option, takes little coding and helps digitize books in the process.

(Image: Google’s reCAPTCHA)

If you run a WordPress site, Really Simple CAPTCHA, from the author of Contact Form 7, is a popular option. It takes a bit of configuration, so it may not be ideal for all users. Another option for WordPress users is Fast Secure Contact Form. This is an integrated contact form with CAPTCHA plugin that makes securing a contact or request form possible with just a few clicks.

(Image: Fast Secure Contact Form)

Of course, the simplest (and most comprehensive) option of all is deploying a web application firewall such as SiteLock® TrueShield™. TrueShield analyzes requests to your site and stops malicious submissions before they reach your inbox, so spambots are stopped in their tracks.

People sometimes question the effectiveness of CAPTCHAs (e.g. “you’re hindering legitimate traffic from accessing my website.”). While there is no doubt a CAPTCHA can help curb spam, when it is used in conjunction with the SiteLock TrueShield firewall, getting the right people to your inbox while blocking threats is as easy as ever.

How to Secure Your Open Source Platform Website

Open source content management systems like WordPress, Joomla and Drupal have become some of the most popular platforms for creating websites. So much so, in fact, that 17% of the entire internet is hosted on WordPress.

Platforms like WordPress are free and have a huge community of users and developers, providing a vast ecosystem of themes and plugins. Unfortunately, because they are so popular, open source platforms are a large target for hackers, and since much of the platform is developed by volunteers, code vulnerabilities may exist.

As a result, there have been several huge WordPress vulnerabilities within the last few months alone, such as Genericon XSS and the WordPress 4.2 XSS vulnerability.

Fortunately, there are several things you can do to mitigate a cyber attack on your open source platform-hosted website, such as making sure installations, plugins and themes are fully updated. For more essential tips to secure your website, take a look at this blog post on Developer Drive written by Neill Feather, President of SiteLock.

How to Survive a Data Breach

Data breaches are fairly common occurrences these days – just last year alone, nearly half (43%) of all companies experienced a cyber attack. Even worse, most data breaches take weeks or even months to discover, which can have devastating effects on a business, since the average cost of a compromised record is more than $194.

What can businesses do to prepare for and mitigate the inevitable cyber attack? Neill Feather, president of SiteLock, recently wrote an article on Smart Data Collective to help businesses put the proper recovery and response plans in place. You can read it by clicking here.


SiteLock® and Logjam: What You Need to Know

Logjam is the code name for a cryptographic weakness in the Diffie-Hellman key exchange used by TLS, which is in turn used by HTTPS connections. Ephemeral Diffie-Hellman (DHE) allows two parties – a browser and a server in our case – to exchange public values derived from a large prime number over an untrusted network, and from those values each derives the same shared secret, which is then used to encrypt the session.

A team of computer scientists and security researchers found that precomputing against the prime-number groups that DHE uses allows much faster computation of the discrete logarithms needed to recover the shared secret. With academic-level resources, the researchers precomputed a 512-bit group used by 82% of vulnerable servers. The researchers posit that nation-state-level resources could precompute 1024-bit Diffie-Hellman groups, affecting even larger swaths of the internet.

Ultimately, the Logjam attack is launched as a man-in-the-middle attack: the attacker downgrades a session to export-grade, 512-bit, Diffie-Hellman, computes the discrete log for that precomputed group, and finally determines the session key, allowing once-encrypted traffic to be read. This means HTTPS communication, such as online shopping, that relies on a weak Diffie-Hellman key exchange is not properly secure.

What should SiteLock customers do?

SiteLock customers using the TrueShield™ web application firewall (WAF) are protected by default. SiteLock terminates, or handles, HTTPS sessions itself and in turn blocks vulnerable key exchanges, as SiteLock servers are configured to support only the most secure cipher suites.

Administrators are urged to configure their servers to refuse vulnerable Diffie-Hellman key exchanges. The researchers provided a guide for system administrators, and the SSL Server Test can verify the results of a configuration change. We also urge users to be on the lookout for future updates to popular browsers, which will mitigate the Logjam vulnerability.
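As an added example of the server-side hardening described above (not SiteLock’s code nor the researchers’ guide), the following Node.js snippet checks that a DH parameter file really is a 2048-bit group before it is handed to `tls.createServer`, and builds server options that keep export-grade suites out of negotiation. The `fakeDhParamsPem` helper only fabricates a correctly structured, non-prime parameter file so the check can run offline; real parameters come from `openssl dhparam`.

```javascript
const MIN_DH_BITS = 2048; // the researchers' guidance for DHE groups; Node refuses below 1024 anyway

// Read one DER tag/length header at `pos`; returns the tag, value length and value offset.
function readHeader(buf, pos) {
  const tag = buf[pos++];
  let len = buf[pos++];
  if (len & 0x80) {
    const n = len & 0x7f; len = 0;
    for (let i = 0; i < n; i++) len = (len << 8) | buf[pos++];
  }
  return { tag, len, start: pos };
}

// Bit length of the prime p in a PEM "DH PARAMETERS" file (DER SEQUENCE { INTEGER p,
// INTEGER g }). Only the structure is inspected; primality checking is openssl's job.
function dhParamBits(pem) {
  const der = Buffer.from(pem.replace(/-----[^-]+-----/g, "").replace(/\s+/g, ""), "base64");
  const seq = readHeader(der, 0);
  if (seq.tag !== 0x30) throw new Error("not a DER SEQUENCE");
  const p = readHeader(der, seq.start);
  if (p.tag !== 0x02) throw new Error("expected INTEGER p");
  let i = p.start;
  const end = p.start + p.len;
  while (i < end && der[i] === 0) i++; // skip the sign/padding zero bytes
  if (i === end) return 0;
  return (end - i - 1) * 8 + (32 - Math.clz32(der[i]));
}

// Options for tls.createServer(): refuse an undersized group, prefer ECDHE, and exclude
// export-grade, anonymous and otherwise broken suites from negotiation.
function hardenedTlsOptions({ key, cert, dhparam }) {
  const bits = dhParamBits(dhparam);
  if (bits < MIN_DH_BITS) throw new Error(`DH group is ${bits} bits; need >= ${MIN_DH_BITS}`);
  return {
    key, cert, dhparam, minVersion: "TLSv1.2", honorCipherOrder: true,
    ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:" +
      "DHE-RSA-AES128-GCM-SHA256:!EXPORT:!aNULL:!eNULL:!MD5:!RC4:!DES",
  };
}

// Constructed, test-only DH PARAMETERS of a given size (p is all ones, not a prime) so the
// check runs offline; real parameters come from `openssl dhparam -out dh2048.pem 2048`.
function derLen(n) {
  if (n < 0x80) return Buffer.from([n]);
  const bytes = [];
  for (let v = n; v > 0; v >>= 8) bytes.unshift(v & 0xff);
  return Buffer.from([0x80 | bytes.length, ...bytes]);
}
function derInt(value) {
  return Buffer.concat([Buffer.from([0x02]), derLen(value.length), value]);
}
function fakeDhParamsPem(bits) {
  const p = derInt(Buffer.concat([Buffer.from([0x00]), Buffer.alloc(bits / 8, 0xff)]));
  const body = Buffer.concat([p, derInt(Buffer.from([0x02]))]);
  const der = Buffer.concat([Buffer.from([0x30]), derLen(body.length), body]);
  const b64 = der.toString("base64").match(/.{1,64}/g).join("\n");
  return `-----BEGIN DH PARAMETERS-----\n${b64}\n-----END DH PARAMETERS-----\n`;
}
```

Pass the returned object to `tls.createServer(hardenedTlsOptions({ key, cert, dhparam }))`; a 512-bit or 1024-bit parameter file is rejected before the server ever starts.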

SiteLock not only secures your website from vulnerabilities and malware, we secure your customers’ valuable data in transit, so they stay customers and your business flourishes. Stay tuned to the SiteLock Blog for the latest security developments.


Must-Know Privacy and Security Compliances

With cyber attacks and data breaches on the rise, privacy and security compliances are more important than ever. What are compliances? Generally, they’re laws designed to protect private consumer and company data from being stolen and exposed.

Privacy and security compliances span across many industries – education, government, health and high-tech like cloud and SaaS. You may have even heard of a few of them, like HIPAA or SOC.

Neill Feather, president of SiteLock, recently wrote an article highlighting the top 3 privacy and security laws that you should know, along with some tips to help organizations improve website compliance. You can read it on Govloop by clicking here.


How to get your website hacked

(Image: Web application firewall. SiteLock prevents harmful visitors and malicious attacks on your website.)

Websites and web applications are being hacked more than ever these days (especially with the rise of online businesses and B2B SaaS-based platforms). If a hacker gains access to the system, they can compromise financial records, medical records and other personal information such as Social Security Numbers and credit cards.

SiteLock president Neill Feather recently wrote an article on B2BNN covering 5 security issues that many websites and web applications face, with solutions, including handling payments (PCI compliance), malware and password enforcement. For the full article, click here.

SiteLock and the WordPress Genericons XSS Vulnerability: What You Need to Know

Earlier this week a security researcher reported a cross-site scripting (XSS) vulnerability in Genericons, the WordPress icon package. Genericons included an HTML file, example.html, which contained the cross-site scripting flaw; to give an idea of the breadth of impact, the icon package ships with the default WordPress theme, Twenty Fifteen.

The XSS vulnerability was DOM (document object model) based, meaning the injected script could control how the browser handles the requested page. The victim would have to be coaxed into clicking a malicious link, which reduces the severity, though the vulnerable file remains widely deployed all the same.

The attack is carried out by the attacker crafting a link to the vulnerable example.html file that carries malicious JavaScript, and persuading a victim to click it. The server responds to the request and serves the page, and the browser then runs the crafted code in the page’s DOM, performing any number of malicious actions. Logged-in admins, as you can imagine, would be exposed to site takeover.
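An added, constructed illustration of the DOM-based XSS pattern described above (not the real Genericons example.html): the vulnerable form writes the URL fragment into the page as HTML, the hardened form validates it and assigns it as text. A plain object stands in for a DOM element so the functions run in Node.js; note that the fragment after `#` is never sent to the server, which is why the fix has to live in the page’s own script or in removing the file.

```javascript
// Stand-in for a DOM element so this runs without a browser.
function makeElement() {
  return { innerHTML: "", textContent: "" };
}

// Vulnerable pattern: whatever follows "#" in the link the victim clicked is decoded
// and written into innerHTML, so markup carried in the fragment becomes live in the page.
function renderIconFromHashUnsafe(el, hash) {
  const requested = decodeURIComponent(hash.replace(/^#/, ""));
  el.innerHTML = "<p>Showing icon: " + requested + "</p>";
  return el.innerHTML;
}

// Hardened pattern: validate the fragment against the only shape an icon name can take,
// then assign it with textContent, which never parses markup.
const ICON_NAME = /^[a-z0-9-]{1,40}$/;
function renderIconFromHashSafe(el, hash) {
  const requested = decodeURIComponent(hash.replace(/^#/, ""));
  if (!ICON_NAME.test(requested)) {
    el.textContent = "Unknown icon";
    return false;
  }
  el.textContent = "Showing icon: " + requested;
  return true;
}

// Where markup is genuinely needed, escape untrusted text before it reaches innerHTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample links: a normal icon fragment and a crafted one with an event handler.
const BENIGN_HASH = "#genericon-github";
const CRAFTED_HASH = "#%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E";
```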

As a SiteLock customer, here’s what you need to do.

First, don’t worry. Even though the exploit runs directly in the browser, SiteLock TrueShield customer sites are virtually patched against it. Further, any extension of an attempted attack will be caught by the TrueShield WAF, or by the SiteLock SMART scanner if malicious code makes it onto the site.

Next, update WordPress to the latest version, 4.2.2, released yesterday. Most WordPress installations will update automatically, though we recommend backing up your database and site files all the same. You can also remove the example.html file (or files), which removes the vulnerability without impact to the site.

(It’s a good idea to remove example, test, and development files from a production site anyway. Run a ‘$ sudo find / -name example.html’ to find and review all files named example.html.)

WordPress is a powerful yet simple-to-use CMS, ideal for many blog, portfolio and e-commerce sites. The widespread adoption and scrutiny of WordPress’ code base is an absolute positive, and SiteLock’s security products work in perfect conjunction with WordPress’ growth. Stay tuned to The Website Risk Lockup for the latest in WordPress and internet security.
