The Website Risk Lock-Up

5 Must-Read Cybersecurity Websites

There’s no doubt that cybersecurity is on the rise. As the world continues to experience data breaches, more and more of these stories have been filling headlines.

With so much cybersecurity coverage, it can be difficult to sort through the noise and identify the most important stories. That said, we’ve put together a list of the top five must-read websites that you should add to your daily reading list:

Dark Reading

Dark Reading is InformationWeek’s online cybersecurity publication, focusing on enterprise security. This website covers everything from breaches to compliance and cloud security. It’s worth adding to your reading list if you want the latest in both cybersecurity news and insight from key industry leaders.

Government Technology

Government Technology, also known as GovTech, covers a wide range of technology topics for the public government sector, on both state and local levels. Topics range from network IT to applications, but one of GovTech’s most interesting sections is security which covers government-related data breaches, cybersecurity companies in the government sector and strategy and insight from government leaders.

OTA Blog

The OTA (Online Trust Alliance) is a non-profit organization dedicated to enhancing online trust and empowering users, while promoting internet innovation. OTA’s blog features the latest cyber security legislation news, insight from key thought leaders and general cybersecurity news that consumers need to know.

CIO

CIO covers several technology topics for Chief Information Officers and other IT leaders, and has been around since the 1980’s (but is now mostly in digital format). CIO’s security section is a great place for IT leaders to get the latest news on what’s happening in the enterprise cybersecurity world, and also features white papers/case studies on cybersecurity from key companies like HP and Rackspace.

SecurityWeek

SecurityWeek is similar to the aforementioned publications in that it covers the latest general cybersecurity news, but it also has a great section that focuses on features and insights from key industry leaders. Topics include phishing, malware, fraud and network security.

Keeping a pulse on the ever growing threat landscape is difficult, but education is imperative. The more consumers and business people alike know about the very real cybersecurity threat, the better equipped we can all be to handle protecting our investments and mitigating risk. Be sure to check back often for more tips and tricks on website security and feel free to include any publications we may have missed in the comments section below.

 

DoS vs. DDoS: One on One, or One on Many

Please read the following post with this notion in mind: DoS doesn’t refer to the classic operating system, nor is DDoS a “Different” version of this system.

DoS and DDoS are two common types of cyber attacks that can block legitimate users from getting access to your website. Both attacks can cause companies to lose millions of dollars in just a few hours. According to Incapsula, the average cost of a successful DDoS attack is $500,000. Although these two attacks look similar and both have unfavorable financial influences, the difference between them is more than just the letter “D.”

DoS Attack

A Denial-of-Service attack (DoS attack) is a type of cyber attack executed from a single server or a home network. It can compromise your website in the following ways:

  • Resource exhaustion, such as using all CPU time, bandwidth, etc.
  • Limitation exploitation, such as repeatedly attempting to log into one account to constantly block the legitimate user out
  • Process crashing, such as leveraging an infected software to disrupt requests sent from legitimate users
  • Data corruption, such as changing all user types into invalid types to prevent users from logging in

Among these categories, resource exhaustion is the most common type of DoS attack. It is usually caused by a hacker flooding requests to your server to drain one or more resources. During a DoS attack, your website usually stops responding to visitors. Therefore, if your customer service center is receiving constant complaints from customers who can’t get access to your online services while most access requests come from one IP address, you should consider the possibility of a DoS attack.

DDoS Attack

A Distributed Denial-of-Service attack (DDoS attack) is usually considered an evolved version of the DoS attack. It has all the negative effects of a DoS attack and is harder to stop. A DDoS attack is executed by having multiple computers on different networks (called a botnet) send a large number of requests to your website at the same time.

If a DoS attack is like starting a one-on-one fight, then DDoS attack is like besieging your house with people flooding from different directions. What’s worse, these people all look like legitimate visitors, because DDoS attackers can compromise legitimate source IPs and leverage them to start an attack. Even if there is no malicious hacker, DDoS can still happen when there is an unexpectedly large traffic to your website.
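The single-IP heuristic from the DoS section, and why it stops working once the traffic is distributed, as an added example that is not part of the original post. The log lines are constructed, and the function name and both thresholds are assumptions to tune per site.

```python
import re
from collections import Counter

# Matches the client address at the start of a Common Log Format line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+')


def make_line(ip, path="/login"):
    """Build one constructed access-log line (sample data only)."""
    return f'{ip} - - [02/Apr/2015:13:57:44 +0000] "GET {path} HTTP/1.1" 200 512'


def source_concentration(lines, min_requests=100, share_threshold=0.5):
    """Summarise one time window of log lines.

    A single source is flagged only when the window is busy enough
    (min_requests) and one IP sent more than share_threshold of it.
    Both thresholds are illustrative assumptions.
    """
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # skip malformed lines instead of failing
            counts[m.group(1)] += 1
    total = sum(counts.values())
    if total == 0:
        return {"total": 0, "top_ip": None, "top_share": 0.0,
                "distinct_sources": 0, "single_source": False}
    top_ip, top_count = counts.most_common(1)[0]
    share = top_count / total
    return {
        "total": total,
        "top_ip": top_ip,
        "top_share": round(share, 3),
        "distinct_sources": len(counts),
        "single_source": total >= min_requests and share > share_threshold,
    }


# Constructed window 1: one client sends 900 of 1000 requests (DoS pattern).
# 203.0.113.0/24 and 198.51.100.0/24 are documentation-only address ranges.
dos_window = [make_line("203.0.113.7")] * 900 + [
    make_line(f"198.51.100.{i % 50 + 1}", "/") for i in range(100)]

# Constructed window 2: the same volume spread over 250 sources (DDoS pattern).
ddos_window = [make_line(f"198.51.100.{i % 250 + 1}") for i in range(1000)]

if __name__ == "__main__":
    print("DoS window: ", source_concentration(dos_window))
    print("DDoS window:", source_concentration(ddos_window))
```

The second window carries the same load, yet no single address stands out, so a per-IP share check alone cannot flag it.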

DDoS attacks are very hard to prevent, because it’s difficult to differentiate a legitimate user from a compromised visitor. To help you mitigate the increasingly rampant DDoS attack, SiteLock Website Security, the most comprehensive DDoS protection solution in the industry, can target vital components of comprehensive DDoS attacks by providing Web Application Protection, Infrastructure Protection and DNS Protection, adding multiple layers to your online business.  To learn more about SiteLock’s DDoS protection solution, please click here.

SiteLock and WP Super Cache XSS: What You Need to Know

A cross-site scripting (XSS) vulnerability was recently revealed in the WordPress caching plugin, WP Super Cache. WP Super Cache converts dynamic WordPress pages into static HTML, which, as you can imagine, is quicker to serve to visitors than a database generated page. Great for high traffic sites, WP Super Cache’s popularity has garnered over a million downloads.

A cookie-based XSS vulnerability was found involving wp_cache_get_cookies_values(), which is called to append a unique ID, or key, that WP Super Cache uses to determine which cached pages to serve. Given this, an attacker could request a page with the site’s cookie edited to include an XSS exploit. Super Cache then generates the page, appending the malicious cookie payload, and WP Super Cache’s cached file list page is served up, exploit and all, stealing the admin’s cookies or performing other mayhem.

Run a WordPress site with WP Super Cache? Here’s what you need to know.

Versions of WP Super Cache below 1.4.4 are vulnerable and should be patched to the latest version as soon as possible. Back up your site’s database and files and then run the update in the admin panel, or download the latest version from WP Super Cache’s official page here. Owners with a vulnerable version of the WP Super Cache plugin on their site are also urged to change the WordPress admin password.

Or, better yet, obviate the need for WP Super Cache by deploying the SiteLock TrueSpeed CDN and TrueShield WAF. The unparalleled coverage of the SiteLock global CDN intelligently serves your most elaborate WordPress site pages in the quickest, most efficient manner to all visitors, regardless of geographic location. (A cached page could still be slow if it’s served to a visitor on the other side of the world.)

Plus, the integrated TrueShield web application firewall eliminates such attacks altogether, so you’re protected from the next, inevitable, WordPress plugin vulnerability before it even happens.

 

SiteLock President Named to Prestigious Online Trust Alliance’s Board

SiteLock announced today that its president, Neill Feather, has joined the board of the Online Trust Alliance (OTA), a leading non-profit organization dedicated to building online trust.

“SiteLock’s mission aligns perfectly with that of the OTA, so it is a pleasure for me to join its board and forward both our organizations’ goals,” noted Neill Feather, President of SiteLock. “SiteLock and the OTA are strong proponents of educating businesses and, collectively, we hope to share best practices and thwart the rising number of dangerous and malicious cybercriminal efforts.”

Formed as an informal industry working group in 2005, the OTA is a charitable organization dedicated to enhancing online trust and empowering users, while also promoting innovation and the vitality of the internet. OTA is a global organization that is backed by over 100 organizations in the technology, security, ecommerce, financial and governmental industries. It is headquartered in Bellevue, Washington, with offices in Washington, D.C. OTA’s goals include:

“OTA’s newest board members bring unique experiences which will prove invaluable to our mission of enhancing consumer trust and promoting marketplace innovation,” said Craig Spiezle, Executive Director and President of OTA. “Neill knows website security inside and out – from small business to enterprise.”

SiteLock’s involvement with OTA comes at a time when over 70% of security breaches are targeted to small businesses or similar industries. In fact, there are 160,000 new samples of malware being spotted every day – and trojans are now responsible for four out of five (79.9 percent) malware infections around the world. SiteLock aims to help businesses of all sizes prevent and address data breaches through its innovative and sophisticated web security solutions.

For additional information regarding the SiteLock website security product suite, visit www.sitelock.com. For additional information about OTA, visit https://otalliance.org/dpd.

OTA’s 2015 Data Protection and Breach Readiness Guide

The Online Trust Alliance (OTA) recently released its 2015 Data Protection and Breach Readiness Guide for its seventh consecutive year. This guide helps provide businesses with prescriptive advice to help optimize data privacy and security practices to prevent, detect, contain and remediate the risk and impact of data loss incidents and breaches.

The 2015 Data Protection and Breach Readiness Guide was created with the help of SiteLock and over 100 other security and privacy experts. Attendees of OTA’s Data Privacy & Protection Day Town Halls, who include representatives from top government agencies such as the FBI, FTC, and State Attorney General’s Offices, also contributed to the guide.

The guide begins by examining data breaches throughout 2014, and finds that over 90% of all data breaches could have been prevented throughout the past year, with a 91% increase in targeted attacks. Furthermore, 37% of all data breaches were caused by an insider within the company.

To reduce and mitigate data breaches and their associated damages, OTA’s guide includes:

  • Tips for communicating appropriate data breach notifications and responses, including sample notification templates
  • A data lifecycle overview, explaining how to properly secure collected data
  • Steps for creating an incident response team by establishing a vendor/law enforcement relationship and creating response plans
  • A list of encryption resources, cyber insurance considerations and forensics basics

To obtain OTA’s 2015 Data Protection and Breach Readiness Guide in its entirety, which also includes additional statistics on the current state of cyber security, please visit https://otalliance.org/breach.

 

SiteLock Website Security and Web.com Group Announce new Partnership

SiteLock announced a partnership earlier today with Web.com, which will now offer SiteLock’s suite of website security products to customers who sign up for its hosting plans.

Web.com, including Network Solutions and Register.com, hosting customers will be offered options for bundled packages of SiteLock’s security services – which include daily website scanning and automatic malware removal along with TrueShield™ web application firewall, which protects websites from malicious traffic and blocks harmful requests.

“As we searched for a security solution for our customer base, we chose to partner with SiteLock”, stated Amit Mathradas, senior vice president, Marketing for Web.com.  “SiteLock’s comprehensive Find, Fix, Prevent, Accelerate and Comply solution set along with their 24/7 support provides a superior security solution for our client base.”

“We are very excited to add Web.com to the rapidly growing family of SiteLock partners”, says Tom Serani, Executive Vice President of Business Development for SiteLock.  “Web.com’s robust lineup of services for the website community are perfectly suited for SiteLock’s product offering of advanced website security along with website acceleration features that come with our global Content Delivery Network (CDN).  This partnership will provide Web.com’s customers with everything they’ll ever need in the area of website security and acceleration.”

For additional information regarding the SiteLock website security product suite, visit www.sitelock.com. For additional information about Web.com, visit www.web.com.

SiteLock and OpenSSL: What You Need to Know About the Latest Vulnerabilities

FREAK (Factoring Attack on RSA-EXPORT Key) is one of the latest web security threats to go public, which works by weakening users’ encrypted connections on SSL and TLS, allowing a hacker to intercept and decipher data.

The threat affects mostly mobile device browsers, such as Apple’s Safari and Android device browsers, but it also affects older versions of OpenSSL including 1.0.2, 1.0.1, 1.0.0 and 0.9.8. Version 1.0.2 of OpenSSL has been classified under a “high” severity of vulnerability.

Just yesterday, The OpenSSL Project announced a series of patches for the vulnerability, which also fixes 12 other issues including DoS weaknesses. If you’re a SiteLock customer, don’t worry – SiteLock is not using a vulnerable version of OpenSSL, and therefore the new vulnerability will not affect your service.

Furthermore, SSL connections to all SiteLock protected domains are always secured by default as we secure connections before passing them on to the origin servers. The SiteLock team is paying close attention to the issue on a 24/7 basis, and will be applying additional patches as they are released.

 

Malware Uncovered: What Infecting a Website Actually Looks Like

Since malware is part of our everyday life here at SiteLock, we thought we’d share a simple case of website malware to help everyone understand the basics of malware and how we help. If knowledge is power, then our goal is to make our customers the most powerful source in the world today. Happy reading.

During a malware clean of a new customer’s site, we found some simple, well-known malware — a perfect example for an introductory post on malware. The site was compromised through an arbitrary file upload and malicious code was ultimately injected into the index of the site. Likely an automated process, the code was injected before the closing </body> tag.

The injected code is an almost standard obfuscation (a type of encoding that transforms data in a way that can be reversed without a key) of PHP code using Base64 encoding, compression and error suppression. It wouldn’t decode at the excellent unphp.net, but could not withstand the power of our internal tools.

Decoding it outputs the secondary obfuscated code, which used the same techniques as the first iteration but in a different way. Eval was replaced with preg_replace() and the /e modifier, which is equivalent to eval, and the conspicuous prepended hex was the Base64 decode, uncompress and eval as before.

Decoding the second layer reveals the resultant PHP code which has, right at the top, the URL to the beginning of the end goal: injecting pharma, or pharmacy, spam links. The URL leads to a list file, 13.list, which is a short list of three URLs which are simply pages full of pharma links. This type of “pharma” hack allows pharmaceutical sales sites to appear higher in Google results than they otherwise would.

The remainder of the injected code checks the freshness of the links and injects them into the page.
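A static unwrapper for the layering walked through above, added here as an illustration and not SiteLock’s internal tooling: it peels eval-of-decoder layers and hex-escaped strings without executing anything, then pulls URLs out of the final layer. The sample, its payload and the example.invalid URL are constructed, and all function names are assumptions.

```python
import base64
import re
import zlib

# PHP decoders stacked by this kind of injection, mapped to Python equivalents.
DECODERS = {
    "base64_decode": base64.b64decode,
    "gzinflate": lambda b: zlib.decompress(b, -15),  # raw DEFLATE stream
    "gzuncompress": zlib.decompress,                 # zlib-wrapped stream
}
HEX_RE = re.compile(r"\\x([0-9a-fA-F]{2})")
LAYER_RE = re.compile(
    r"eval\s*\(\s*((?:[a-z0-9_]+\s*\(\s*)+)(['\"])([A-Za-z0-9+/=\s]+)\2", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def peel(source, max_layers=10):
    """Return each decoded layer, outermost first. Nothing is executed."""
    layers, text = [], source
    for _ in range(max_layers):
        # Undo "\x65\x76..." escapes so a hidden eval(...) becomes visible.
        text = HEX_RE.sub(lambda m: chr(int(m.group(1), 16)), text)
        m = LAYER_RE.search(text)
        if not m:
            break
        names = re.findall(r"[a-z0-9_]+", m.group(1).lower())
        if any(n not in DECODERS for n in names):
            break  # unknown wrapper: stop rather than guess
        data = m.group(3).encode()
        for name in reversed(names):  # innermost call is applied first
            data = DECODERS[name](data)
        text = data.decode("utf-8", "replace")
        layers.append(text)
    return layers


def extract_urls(code):
    """Candidate indicators (URLs) found in decoded code."""
    return URL_RE.findall(code)


def pack(code):
    """Sample builder only: raw DEFLATE then Base64, as the PHP side expects."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(code.encode()) + c.flush()).decode()


def hex_escape(s):
    return "".join(f"\\x{ord(ch):02x}" for ch in s)


# Constructed, benign two-layer sample shaped like the one described above.
FINAL = '$list = "http://example.invalid/13.list"; echo "constructed payload";'
LAYER2 = ('preg_replace("/.*/e", "' + hex_escape("eval(gzinflate(base64_decode(")
          + "'" + pack(FINAL) + "')))\", \".\");")
SAMPLE = "<?php @eval(gzinflate(base64_decode('" + pack(LAYER2) + "'))); ?>"

if __name__ == "__main__":
    decoded = peel(SAMPLE)
    print(len(decoded), "layers;", extract_urls(decoded[-1]))
```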

This simple example shows how bad actors and their network of automated tools and compromised sites can inject pretty much whatever they want into a site with less than ideal security. With an outdated plugin and no firewall or malware scanner your site will be pushing the latest in pharmaceutical buzzwords before you know it, again, in this example, allowing pharmaceutical sales sites greater search rank.

The SiteLock® Infinity™ scanner can find malware like this and remove it automatically, while the SiteLock TrueShield Web Application Firewall (WAF) stops the exploits, blocking the entry points for injection, before the compromise can even occur.

Keep your site secure with the latest updates and appropriate security. It’s your livelihood, isn’t it worth a little security?

How to Lose a Customer in Four Seconds

Remember the days when you could stop to make your morning coffee while waiting for a website to load? How about the times you wondered if your Internet was down because a picture took more than a few minutes to render? In the time it’s taken you to read this beautifully crafted intro, some websites will have lost precious traffic because their load time was over four seconds. Customers will wait — at most — 15 seconds, then leave your site and never come back. This may not seem like a big deal, but it has fiscal impacts on businesses of all sizes. Research by Kissmetrics revealed that even a one-second page delay could potentially cost businesses $2.5 million in sales every year.

The best way to save money, protect your reputation and increase your search rank is to deploy a Content Delivery Network (CDN).

Content Delivery Network (CDN)

A CDN is a network of servers located in different geographical locations. These servers work together to deliver cached web content to users based on their locations. The closer the CDN is to the user, the faster the site will load for them.

How it works

Let’s say your business is located in New York, but your site is being accessed by someone in Brisbane, Australia. Instead of delivering content from your server in New York, content is delivered to them by the data center in Sydney, decreasing load time and server load. This is possible because the data center in Sydney stores a cached version of your website from the New York server. Even if you make an update to your website in New York, the Sydney data center will update periodically throughout the day (e.g., the SiteLock® TrueSpeed CDN dynamically caches content every five minutes) to ensure the latest information is served to your global customers.

Benefits

As a business, this helps by:

  • Increasing website speed by an average of 50%
  • Distributing loads on your main server to multiple servers in different locations
  • Improving user experiences which can lead to increased page views
  • Optimizing search engine results by dynamically caching your site’s HTML

Having a global CDN is a great start, but visitors to your site still might not be 100% secure. The SiteLock TrueShield Web Application Firewall, accompanied by TrueSpeed CDN technology, provides protection to efficiently block harmful requests and at the same time increases website speed to maximize its performance. Sign up for SiteLock today and say goodbye to the days of painfully slow websites.

 

SiteLock and WordPress SEO by Yoast: What You Need to Know  

This past Wednesday, Yoast, makers of one of the most popular WordPress plugins, WordPress SEO by Yoast, disclosed a blind SQL injection vulnerability against authenticated users given a successful cross site request forgery (CSRF) attack.

What is blind SQL injection and CSRF, how can the WordPress SEO vulnerability affect your site, and what should you do about it?

Don’t worry, SiteLock will help with everything.

The original exploit, responsibly disclosed by the WPScan security team, is an authenticated, blind SQL injection vulnerability in WordPress SEO’s admin/class-bulk-editor-list-table.php file where visitor controlled input was not, despite good coding practices, properly sanitized from malicious input. Meaning, a bad guy could manipulate the URL and affect the target database without real-time feedback (that’s the blind part).

Here’s where the authenticated part comes in. For the SQL injection exploit to work, a WordPress admin, editor, or author must be logged in and essentially tricked into clicking a link which triggers another, malicious action on the logged in site that the legitimate, logged in user did not intend. An example would be convincing an authenticated site admin to click a link which resets the admin password. Tricky indeed.

Put together, the WordPress SEO SQL injection vulnerability leverages cross site request forgery to allow an attacker to make changes to the victim WordPress database. So, find a vulnerable version of WordPress SEO, trick an authenticated user into clicking a link, and run a database command or commands to achieve a nefarious goal.

If you run the WordPress SEO by Yoast plugin on your site, update immediately. Patched versions for 1.5, 1.6, and 1.7 are 1.5.7, 1.6.4, and 1.7.4 respectively. If you’re not running those versions, again, upgrade immediately. Premium users are urged to follow the upgrade instructions at http://kb.yoast.com/article/34-how-can-i-update-my-premium-plugin.

With SiteLock on your side and your site, you’re already protected from this vulnerability on multiple fronts. The SiteLock TrueShield web application firewall stops SQL injection attacks before they reach your site. SiteLock’s SMART and penetration testing scanners find and remove malware automatically if by some chance malware gets on your site. Finally, SiteLock’s TrueCode can perform deep code analysis to catch vulnerabilities in your codebase before it’s deployed.

Keep your WordPress install, plugins, and themes up-to-date, and keep up-to-date on the latest, essential security news on The Website Risk Lock-Up.
