Category: Cybersecurity News (Page 1 of 4)

The RNC Data Breach: Pitfalls of Neglecting Web Security Best Practices

In a recent security report, researchers revealed an unsecured archive of US voter data collected by Deep Root Analytics, a data firm connected to the Republican National Convention (RNC). The exposed data — which included full names, addresses, and phone numbers of 198 million registered voters — was uncovered by a security researcher in an internet-accessible database with no password protection or any other security measures. The database has been secured at the time of this writing, but it remains unclear how long this data was exposed to the internet.

It may be easy to assume exposures of this nature are an inevitability. After all, a data analytics firm associated with a major political party sounds like a clear target for bad actors. However, the data was discovered by a researcher performing unrelated searches through Amazon’s S3 infrastructure for any unprotected data, not targeted attacks against Deep Root Analytics or even voter data in particular. This fact underscores a critical necessity of the Internet: prioritize the security of your data at all stages of its life cycle. Your data needs to be secure where it’s stored, during network transit, and when it’s in the hands of third parties. This data leak in particular was the result of the RNC failing to properly ensure the security of their data in the hands of a third-party contractor.

New Government Website Highlights Small Business Cybersecurity Risks

The US Federal Trade Commission (FTC) recently launched a new website aimed at educating small business owners on the risks of cybercrime and the steps they can take to protect their business.

“Small businesses are critical to our economic strength, building America’s future, and helping the United States compete in today’s global marketplace,” said FTC Acting Chairman Maureen Ohlhausen. “This innovative new website is a one-stop shop where small businesses can find information to protect themselves from scammers and hackers, as well as resources they can use if they are hit with a cyberattack.”

Trending “Fireball” Adware Raises Botnet Concerns

Earlier this week, security researchers reported on a trending adware infection known as Fireball. Sourced to the Chinese marketing firm Rafotech, reports indicate a footprint of more than 250 million infected machines worldwide. While the infection currently appears to only make changes to victims’ browser homepages and search engines, analysis suggests that the software could be remotely leveraged to act as a malware dropper. A malware dropper is a program that can be used to remotely install malicious software onto a victim’s computer or network. This can be performed after any amount of time following the installation of the dropper itself.

If true, it’s possible that infected systems could be made part of a botnet and used to carry out new types of attack over the Internet.

The Fireball adware is being distributed via freeware software installers through a method known as bundling. You’re likely to have seen bundling yourself at some point. Legitimate software developers use bundling as a way to monetize the release of otherwise free software. When you download and install such a program to your computer, you may notice that you’re being asked to install additional, unrelated software, like toolbars or free trials of a different company’s programs. While annoying, most cases of bundling are simply a way for developers to make money while releasing a free product. However, bundling can also be used to deliver PUAs (Potentially Unwanted Applications) such as adware: software that can track your behavior online and serve advertisements based on this data.

Because of this, it’s important to remain mindful of the sources of programs you install. Cracked versions of paid products frequently include malicious files that can be used to infect your systems. For website owners, this also applies to pirated versions of software that you might want to install on your website, like premium WordPress plugins and themes. Even if the pirated files are free of malware, they do not typically receive security patches from the original developers, or they could be configured to download a malicious component at a later time. This can open your website to a myriad of vulnerabilities that can be exploited by attackers to cause further damage to your online reputation.

Another point to consider, in the wake of Fireball’s massive online footprint, is the potential for damage caused by a botnet of this size. Malicious tasks that would be practically impossible for a single machine to perform (bulk hash cracking, login brute-forcing, denial-of-service attacks, etc.) become trivial when an attacker can utilize a quarter billion machines simultaneously to accomplish their goals. The potential for mobilization on this scale means it’s as important as ever to ensure tight security on all of your systems.

Strong passwords are a good start. Changing passwords regularly is another important step, given the frequency of major data leaks across the internet. By changing your credentials, you render a previously leaked password useless.

Protecting your website from bot traffic is a critical step in preventing malicious activity on your site. SiteLock TrueShield, a web application firewall, provides effective traffic filtering that can drastically limit the impact of these attacks. Contact a SiteLock Website Security Consultant at 855.378.6200 to find the right security package for your business. We are available 24/7/365 to help.

WikiLeaks: Many Internet Connected Devices Have Vulnerabilities

A series of internal CIA documents released Tuesday by WikiLeaks serve as a reminder that any computer, smartphone or other device connected to the internet is vulnerable to compromise.

The 8,761 documents detail a CIA hacking program with 5,000 registered users that produced more than a thousand hacking systems, Trojans, viruses, and other “weaponized” malware. The scale of the program was so massive that by 2016, its hackers had utilized more code than what is currently used to run Facebook.

PCI Compliance: The Key To eCommerce Customer Trust

Picture this. You just launched your first company website to sell your clothing line. Customers are purchasing products, and you’re starting to make a profit, then BAM! You get hit with a fine because your website is not PCI compliant. What’s next?

What Is PCI Compliance?

PCI Compliance is a security requirement created for online merchants by five of the major credit card companies, American Express, Discover Financial Services, JCB International, Mastercard and Visa, to protect customers and reduce fraud.

Why Cybersecurity Matters

National Cybersecurity Awareness Month (NCSAM) is observed every October to raise awareness around the importance of cybersecurity. As we head into a new month, we remain focused on promoting the importance of practicing vigilance about cybersecurity year-round.

At SiteLock, our mission is to help create a secure Internet for all users. Regardless of industry, age or education, cybersecurity concerns us all. Cyberattacks can impact individuals as young as children, and organizations as large as Yahoo. Learn from the examples we provide in this blog as SiteLock President, Neill Feather, weighs in on why cybersecurity should matter to you.

It’s a Scary Cyber World

We live in a world where technology rules. From our phones to our cars, we are constantly connected to something, somewhere, at all times. In most cases, the convenience of technology enhances the quality of our lives. But as consumers, there are technology risks and threats we need to be aware (and beware) of. We don’t mean to spook you, but let’s talk about the scary side of the cyber world. 

Web Development and Cybersecurity – Are You Protecting Your Clients?

Cybersecurity continues to be an evolving challenge for website designers and developers. Every day, hackers create new malware strains and perform sophisticated attacks that can devastate client websites.

SiteLock is promoting Cybersecurity Awareness Month and as a web designer or developer, it is imperative that you understand your role in the security of your clients’ websites. Many people assume that you are handling every aspect of the site, including its protection. Because of this, you must take action and understand how to provide that security.

Law Firm Data Breach Infographic

With 80 percent of the biggest law firms in the country being hacked since 2011, law firms are prime targets for data breaches. This infographic covers why cybercriminals go after law firms, what types of attacks they use and how you can protect your firm from becoming a victim.

SiteLock offers comprehensive, automated cyber security protection, designed to protect law firms from a data breach.

Be Cautious of Phishing Emails From “Your Boss”

Have you ever signed into your email only to find a flood of unread emails? Silly question, of course you have. Some of those emails probably get deleted immediately, while others might sit idle in your inbox for weeks. Then there are those emails from your mom, your bank or your boss that require a prompt response… especially the ones from your boss (sorry mom). Have you ever had the feeling that maybe the email labeled as from your boss actually isn’t from your boss at all? This may seem a little far-fetched, but it does happen, and it happens quite often.
