SiteLock

Neill Feather Named One of the Phoenix Business Journal’s Most Admired Leaders

We are thrilled to announce our president and co-founder, Neill Feather, has been recognized as a Most Admired Leader by the Phoenix Business Journal. Neill’s overwhelming contributions to the company, community and industry as a whole have earned him a spot on the publication’s exclusive list.

“It’s a great honor to be included in this year’s list of Most Admired Leaders,” said Feather. “At SiteLock, we have worked hard to strengthen ties between our company and community, so it’s very rewarding to see our efforts pay off.”

Malware

Magento Infection Sends Stolen Credit Card Data To Black Market

Authors: SiteLock Research Analysts, Josh Martin and Michael Veenstra

While investigating suspicious files on a customer’s eCommerce site, the SiteLock Research Team found malicious payment processing code injected into Magento application files that skimmed credit card data and administrative login credentials. The malicious code sent stolen credit card data directly to a publicly accessible carding market where victims’ card details were listed for sale. In this article we analyze the infection, take a deeper look at the carding market, and discuss ways you can keep your site and your credit card data secure.

SiteLock Named One Of the Top Companies to Work For In Arizona!

We are excited to announce that SiteLock has been named one of the 2017 Top Companies to Work for in Arizona by azcentral.com and BestCompaniesAZ! Even more notable, we ranked #24 in our category based on employee survey results and for creating a culture that our employees love to be a part of.

We are also happy to report that our employee survey results averaged an overall favorable rate of 90 percent and an overall employee engagement score of 92 percent, which is more than double the national average, according to Denise Gredler, Founder and CEO of BestCompaniesAZ.

Security by Obscurity [Infographic – Updated Q2 2017]

Many small business owners don’t realize their websites are targeted by cybercriminals. As a result, they may not have proper security in place to protect their sites in the event of a malicious cyberattack. Instead, they rely on “security by obscurity,” which implies that the less popular and attention grabbing the website, the less likely it is to be compromised.

In reality, there’s no such thing as “too small to hack.” Any business that has a website, regardless of number of features or amount of traffic, will always be at risk of cyber threats. Read our infographic to learn more.

Popular but Insecure [Infographic – Updated Q2 2017]

Did you know that the more complex and feature-rich a website is, the more likely it is to be compromised? The problem is that website owners might not be aware of all the potential security risks associated with their websites until after an issue has occurred.

In this infographic we compare celebrities to websites to help illustrate the correlation between website popularity and an increased likelihood of cyberattacks.

The RNC Data Breach: Pitfalls of Neglecting Web Security Best Practices

In a recent security report, researchers revealed an unsecured archive of US voter data collected by Deep Root Analytics, a data firm connected to the Republican National Convention (RNC). The exposed data — which included full names, addresses, and phone numbers of 198 million registered voters — was uncovered by a security researcher in an internet-accessible database with no password protection or any other security measures. The database has been secured at the time of this writing, but it remains unclear how long this data was exposed to the internet.

It may be easy to assume exposures of this nature are an inevitability. After all, a data analytics firm associated with a major political party sounds like a clear target for bad actors. However, the data was discovered by a researcher performing unrelated searches through Amazon’s S3 infrastructure for any unprotected data, not targeted attacks against Deep Root Analytics or even voter data in particular. This fact underscores a critical necessity of the Internet: prioritize the security of your data at all stages of its life cycle. Your data needs to be secure where it’s stored, during network transit, and when it’s in the hands of third parties. This data leak in particular was the result of the RNC failing to properly ensure the security of their data in the hands of a third party contractor.

New Government Website Highlights Small Business Cybersecurity Risks

The US Federal Trade Commission (FTC) recently launched a new website aimed at educating small business owners on the risks of cybercrime and the steps they can take to protect their business.

“Small businesses are critical to our economic strength, building America’s future, and helping the United States compete in today’s global marketplace,” said FTC Acting Chairman Maureen Ohlhausen. “This innovative new website is a one-stop shop where small businesses can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.”

Malware

Trending “Fireball” Adware Raises Botnet Concerns

Earlier this week, security researchers reported on a trending adware infection known as Fireball. Sourced to the Chinese marketing firm Rafotech, reports indicate a footprint of more than 250 million infected machines worldwide. While the infection currently appears to only make changes to victims’ browser homepages and search engines, analysis suggests that the software could be remotely leveraged to act as a malware dropper. A malware dropper is a program that can be used to remotely install malicious software onto a victim’s computer or network. This can be performed after any amount of time following the installation of the dropper itself.

If true, it’s possible that infected systems could be made part of a botnet and used to carry out new types of attack over the Internet.

The Fireball adware is being distributed via freeware software installers through a method known as bundling. You’re likely to have seen bundling yourself at some point. Legitimate software developers use bundling as a way to monetize the release of otherwise free software. When you download and install such a program to your computer, you may notice that you’re being asked to install additional, unrelated software, like toolbars or free trials of a different company’s programs. While annoying, most cases of bundling are simply a way for developers to make money while releasing a free product. However, bundling can also be used to deliver PUA (Potentially Unwanted Applications) such as adware, which is software that can track your behavior online and serve advertisements based on this data.

Because of this, it’s important to remain mindful of the sources of programs you install. Cracked versions of paid products frequently include malicious files that can be used to infect your systems. For website owners, this also applies to pirated versions of software that you might want to install on your website, like premium WordPress plugins and themes. Even if the pirated files are free of malware, they do not typically receive security patches from the original developers, or they could be configured to download a malicious component at a later time. This can open your website to a myriad of vulnerabilities that can be exploited by attackers to cause further damage to your online reputation.

Another point to consider, in the wake of Fireball’s massive online footprint, is the potential for damage caused by a botnet of this size. Malicious tasks that would be practically impossible for a single machine to perform (bulk hash cracking, login brute-forcing, denial of service attacks, etc.) become trivial when an attacker can use a quarter billion machines simultaneously. The potential for mobilization on this scale means it’s as important as ever to ensure tight security on all of your systems.

Strong passwords are a good start. Changing passwords regularly is another important step, given the frequency of major data leaks across the internet. By changing your credentials, you render a previously leaked password useless.

Protecting your website from bot traffic is a critical step in preventing malicious activity on your site. SiteLock TrueShield, a web application firewall, provides effective traffic filtering that can drastically limit the impact of these attacks. Contact a SiteLock Website Security Consultant at 855.378.6200 to find the right security package for your business. We are available 24/7/365 to help.

The Ballooning Cost of Cybercrime

The legal industry finds itself in the upper echelons of companies when it comes to the fiscal impact of a cybercrime. However, many are ignoring this risk. According to the American Bar Association’s (ABA) 2015 Legal Technology Survey, about half of firms said they had no response plan in place to address a cybersecurity breach.

Furthermore, Cybersecurity Ventures predicts the costs associated with a cyberattack could balloon to $6 trillion globally by 2021. To put that in perspective, if cybercrime were a country, the number would represent the fourth highest Gross Domestic Product (GDP) in the world.

To better understand the costs associated with cybercrime it is helpful to group the expenses in two buckets, direct and indirect.

SiteLock Unlocked: A Day in the Life of a Website Security Research Analyst

Welcome to SiteLock Unlocked, our new blog series that provides exclusive one-on-one interviews with the awesome team members here at SiteLock. Through this series, you’ll get an inside look at the more personal side of SiteLock. We’ll interview different SiteLock members from various departments to highlight how their dedicated efforts contribute to your website security.

To kick-start our series, we sat down with a member of the SiteLock Research team to showcase what a day in the life of a SiteLock Website Security Research Analyst looks like.
