- PCI for SMB: Requirement 9 – Implement Strong Access Control Measures 16 November 2018
Welcome to the sixth post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires).
In the previous articles written about PCI, we covered the following:
- Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.
- Requirement 2: Build and Maintain a Secure Network – Do not use vendor-supplied defaults for system passwords or other security parameters.
- Real-Time Fine-Tuning of the WAF via API 14 November 2018
Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an API.
For instance, there’s a specific filter inside the WAF dashboard called Emergency DDoS. This filter basically increases the strength of the DDoS protection to an “emergency” level where most non-human access is blocked.
API to Boost Firewall Protection
The Firewall API is mostly used for whitelisting and clearing the website cache.
- Hackers Change WordPress Siteurl to Pastebin 13 November 2018
Last Friday, we reported on a hack that used a vulnerability in the popular WP GDPR Compliance plugin to change WordPress siteurl settings to erealitatea[.]net. At that time it was not clear who was behind the massive attack, since the erealitatea[.]net domain didn’t work and the infection simply broke the compromised sites. Our SiteCheck scanner detected the infection on about 700 sites over the weekend and PublicWWW now currently returns 573 results.
- Erealitatea[.]net Hack Corrupts Websites with WP GDPR Compliance Plugin Vulnerability 10 November 2018
We have noticed a growing number of WordPress-based sites that have had their URL settings changed to hxxp://erealitatea[.]net. Further investigations show that the issue is related to a security vulnerability in the WP GDPR Compliance plugin for WordPress (with 100,000+ active installations).
The new General Data Protection Regulation (GDPR) laws in the EU have made the plugin extremely popular. Many sites are looking for an easy way to comply with these new laws.
- 10 Tips to Improve Your Website Security 7 November 2018
Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!, Drupal, Magento, and others allow business owners to build an online presence rapidly. The CMS’s highly extensible architectures, rich plugins, and effective modules have reduced the need to spend years learning web development before starting to build a website.
The ease of launching an online business or personal website is great.
- New WordPress Security Email Course 5 November 2018
Recent statistics show that over 32% of website administrators across the web use WordPress.
Unfortunately, the CMSs popularity comes at a price — attackers often seek out vulnerabilities to exploit and target unhardened WordPress sites. If a site is compromised, it often becomes the host of malicious malware or spam campaigns, harming your website’s reputation and visitors in the process.
Knowledge is power, and we’re here to help! We’ve created a new WordPress Security Email Course to help improve your website’s security posture and reduce the risk of a security incident.
- Website Security Tips for Marketers 31 October 2018
In our previous post, we have discussed why marketers should have a proactive approach to website security. Today we are going to discuss some security tips marketers can put into practice. In the simplest terms, website security means three things here at Sucuri:
- Protecting your website from compromises.
- Monitoring for issues so you can react quickly.
- Having a documented emergency response plan.
Marketers should champion these initiatives so they can be prioritized by their business development team.
- Web Marketers Should Learn Security 29 October 2018
Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills, with some abilities running deeper than others.
Website security awareness is in short supply and we need more champions — especially among small and medium-sized businesses. Digital marketers are in a prime position to add security know-how to their diverse toolkit.
Source: The T-Shaped Web Marketer by Rand Fishkin
It makes sense for marketers to want to secure their websites.
- Saskmade[.]net Redirects 26 October 2018
Earlier this week, we published a blog post about an ongoing massive malware campaign describing multiple infection vectors that it uses. This same week, we started detecting new modifications of the scripts injected by this attack.
The general idea of the malware is the same, but the domain name and obfuscation has changed slightly.
For example, in the wp_post table they now inject this script:
- OWASP Top 10 Security Risks – Part II 25 October 2018
It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks.
The OWASP Top 10 list consists of the 10 most seen application vulnerabilities:
- Broken Authentication
- Sensitive data exposure
- XML External Entities (XXE)
- Broken Access control
- Security misconfigurations
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with known vulnerabilities
- Insufficient logging and monitoring
In our previous post, we explained the first two items on the OWASP Top 10 list: injection and broken authentication.
- Multiple Ways to Inject the Same Tech Support Scam Malware 23 October 2018
Last month, we shared information about yet another series of ongoing massive infections using multiple different vectors to inject malicious scripts into WordPress websites.
Shortly after, the campaign changed the domain names used in its scripts. Now it mainly uses hotopponents[.]site and learningtoolkit[.]club.
At the time of this writing, PublicWWW finds the most common patterns of this malware on thousands of sites:
- “var _0xfcc4=” – 8501 sites
- “hotopponents.site/site.js” – 3636 sites
Multiple variations of the injected scripts have been found.