Tag: Security (Page 1 of 2)

how to prevent security breaches

This Week in Exploits: How Browser Security Can Help Website Security

Modern browsers are more than programs used to peruse the web. Browsers are tools used to communicate, develop, conduct financial transactions, and interact with government agencies. This week we discuss browser security and how it can impact website security, because as a website is the portal to a company’s online presence and resources, a browser is the entryway into a user’s workstation and the data within.
The link between browser security and website security is not conflated. We’ve seen many sites compromised through stolen FTP credentials, and entire company file stores lost to ransomware. Browsers were the likely point of entry of these compromises, and every website owner and web developer is sure to have a browser, likely multiple browsers, on the computer hosting or accessing site files and credentials. Again, the browser is the portal from the open web to the workstation, and we’ll cover the steps necessary to better secure this entry point.

 

Read More

SiteLock website security

Five Easy Ways to Avoid Being Hacked This Holiday Season

October is Cyber Security Month and it’s a good excuse to assess your web applications and website security before the holiday season.

Few things pose as much risk as an attack aimed at your website. Consider the impact of data breaches to Target, Home Depot and, most recently, Experian and the American Bankers Association. It seems that not a week goes by without a new massive breach making headlines.

While organizations often think of protecting their network, website security is often overlooked, leaving a massive vulnerability open to exploitation. How can you ensure your web applications and website are safe? Use these five tips to make sure your security is where it needs to be:

Read More

how to prevent security breaches

This Week in Exploits: Phishing Attacks and How to Counter Them

In this week’s post, we take a look at “in-the-wild” phishing attacks and how to counter them. Protecting yourself from phishing and malware attacks is not only important, it’s a fundamental Internet survival skill, made even more essential if you have a web presence you depend on. A compromised workstation could lead to compromised credentials, ultimately leading to complete control of your website by bad actors. We don’t want that.

Read More

Cybersecurity Report: June 29, 2015

Hackers Ground Polish LOT Airline Flights

LOT, the Polish national airline, announced on Sunday that it cancelled 10 flights due to the cyber attack towards its ground computer systems at Warsaw’s Okecie airport. The cyber attack took down LOT’s ground computer systems for 5 hours during which time 10 flights were cancelled impacting over 1,400 passengers who had planned to travel to Dusseldorf, Hamburg, Copenhagen, and some internal flights within Poland.  

Read More

Cybersecurity Report: June 23, 2015

Cybersecurity Pros Warn Against Insider Threats

cybersecurity reportA recently released Insider Threat Report collected data from over 500 cybersecurity professionals to examine industrial efforts against insider threats. According to the report, although there has been a rise of insider threats over the last 12 months, organizations are not fully prepared for it yet. The report also examined which user categories showed the largest threat, the most vulnerable applications and data, common launch points for attacks, budget trends and more.

Read More

Must-Know Privacy and Security Compliances

With cyber attacks and data breaches on the rise, privacy and security compliances are more important than ever. What are compliances? Generally, they’re laws designed to protect private consumer and company data from being stolen and exposed.

Privacy and security compliances span across many industries – education, government, health and high-tech like cloud and SaaS. You may have even heard of a few of them, like HIPAA or SOC.

Govloop

Neill Feather, president of SiteLock, recently wrote an article highlighting the top 3 privacy and security laws that you should know, along with some tips to help organizations improve website compliance. You can read it on Govloop by clicking here.

 

How Securing Data Can Improve the SEO of Your Website

Seo Key On Computer KeyboardSEO (Search Engine Optimization) is the process of improving your website’s ranking among search engines like Google and Bing. Over the past few years, SEO has greatly evolved. Keywords and backlinks (other websites linking back to yours) used to have a huge impact on SEO rankings, but have since been taken over by new and improved algorithms such as Google’s Penguin and Hummingbird, which aim to decrease black-hat (negative) SEO techniques such as link spam.

With cyber attacks on the rise, search engines have been increasingly factoring in malware and other malicious behavior into their SEO algorithms. Properly securing your data can provide a large boost to your website’s SEO rankings. Below are 3 ways you can improve the SEO ranking of your website by securing your website.

Moderate comment spam

Malicious links hosted on your website can negatively impact your SEO and, worst case, can flag your website as malware or spam, preventing users access to it.

One of the easiest ways for hackers to place malicious or irrelevant links on your site is through comments on your blog. These links damage your site’s authority and credibility so managing them is critical. Fortunately, there are several things you can do to automate the moderation process of comments:

  • If you’re using a Content Management System (CMS) like WordPress, look into one of their comment system plugins
  • Enable CAPTCHAs when possible, as an extra layer of security
  • Disable anonymous posting, and only allow registered users to post comments
  • If you have an active moderator, require that comments be approved before they are posted on your website
  • Enable a web application firewall (similar to our TrueShield WAF) which will block malicious bots from accessing your site to begin with
  • If you’re still having trouble with comment spam, you should disallow hyperlinks in comments altogether

Regularly scan your website for malware

Often times, malware and malicious links can be injected into the code of your website without notice, negatively affecting your SEO. Reversing the whole process is both difficult and time consuming, since injected malware can be hard to spot and made to look like regular code.

A website malware scanning tool can scan your code each day for malware (and suspected malware) and in some cases automatically remove the threats or point you directly to the suspected malware. This means  you don’t have to search line-by-line  through code in the event that your website is compromised. The SiteLock® Website Scanning and Malware Removal product provides automated alerts to help you avoid search engine blacklisting, saving your business’s reputation and SEO positions.

Cache website data with a CDN

A CDN (Content Delivery Network) is a website optimization infrastructure that works by caching website’s content across data centers around the globe. This results in quicker  website load times since content is served locally to visitors. It also improves website security since, as is the case of the SiteLock CDN, data is fully encrypted both in transit, and at rest.

Major search engines like Google factor load times into their SEO algorithms (time to first byte – TTFB), so by using a CDN, your website can experience a boost in SEO while improving security at the same time.

Want to see how your SEO stacks up? Many online tools can scan your website and provide suggestions to improve your SEO.

 

Website protection

The State of Cyber Security in February 2015: Top 7 Trending Stories

Cyber security February 2015

One year ago in February, the major eBay hack was in progress, eventually resulting in over 233 million passwords being stolen. Fast forward to 2015, and we’ve had several trending cyber security issues appear in just these first few weeks.

Below are 7 trending cyber security stories that you should read for February 2015.

Read More

SiteLock and GHOST: What You Need to Know

GHOST server vulnerabilityGHOST is now a household name to those even peripherally involved in information security. GHOST is the buffer overflow vulnerability found in certain versions of glibc, the GNU C library, and it’s named after the functions used to reach the exploitable code in the library, gethostbyname() and gethostbyname2().

What has SiteLock done to address the GHOST scourge, and what do SiteLock customers need to know moving forward?

SiteLock patched all TrueShield and TrueSpeed servers against the GHOST vulnerability on September 28, the day after disclosure. Signatures mitigating XML-RPC exploits, which could be used against WordPress installs for example, were implemented beginning the week of February 2nd. And as always, our security team is constantly on the lookout for signs of new GHOST exploitation use.

As a SiteLock customer, we recommend patching all servers using vulnerable versions of glibc, glibc-2.2 to glibc-2.17, to glibc-2.18 or higher.  All major Linux vendors released patches for glibc and they should be applied and servers rebooted as soon as possible.  Also be aware of SUID-root programs on servers which use gethostbyname*().  To find SUID binaries on a system — a sound security practice regardless of GHOST — open a root shell and run the following command.

# find / -user root -perm -4000 -exec ls -ldb {} ; | tee suid.list

Stayed tuned to the SiteLock Blog for the latest developments on GHOST and website security.

 

Give Us This Day Our Daily Breach

daily breachSeems like hardly a day goes by without a report of yet another data breach. And that’s because a day doesn’t go by without one. There has been an average of one reported data breach every day for the last five years, and 2014 has no intention of bucking the trend.

According to the non-profit Identity Theft Resource Center, there have been 411 reported data breaches in the U.S. in the first six months of this year. That works out to an average of more than two data breaches every day. And those data breaches combined have exposed an estimated 11 million records.

Read More

Page 1 of 2

Powered by WordPress & Theme by Anders Norén