What's New

Vulnerabilities in WordPress continue, with the latest example being the hacking of the website of Canadian Internet services company Storm, reports Chris Larsen, a security researcher at BlueCoat. The storm.ca website was being used to host links to bogus sites selling "Viagra," "Cialis" and other popular drugs. Larsen said the number of links to bogus webpages was between 10,000 and 10 billion.

"Fortunately, these pages were not something a typical visitor to the site would ever see. And even someone arriving here after clicking on a poisoned link in some search engine results would not see the page, unless they had JavaScript turned off in their browser, as I did, since otherwise they'd immediately be redirected" to a bogus site, Larsen explains.

After BlueCoat informed Storm about the hack, the IT security team at the Internet service provider removed the bogus links and provided details on the hack and their remediation measures. Larsen explains that to remediate a compromised WordPress site, the storm.ca team suggests the following steps:

- "Remove/disable unused plugins. [Ideally, people with responsibility for web site security will review all plugins their site uses, from a risk/benefit perspective: knowing that each such plugin increases the 'attack surface' of the site, is the benefit it provides worth the additional risk?]
- Modify your apache config to not allow the PHP engine to run on any files within the wp-content/uploads tree, so even if someone can upload arbitrary files in there, they won't be easily executable.
- Remove write permissions on the wp-content tree. It's convenient to allow WordPress to be able to self-update plugins, but not at the cost of having the whole directory tree forced to be writable by the server.
- Disable allow_url_fopen and allow_url_include in php.ini -- why is that defaulted to allowed?
- Finally, upgrade WordPress and all plugins to their latest versions!"
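The steps above as one script, an added example that is not storm.ca's, BlueCoat's or the article's own code. It assumes, none of this being in the article, that the WordPress root is passed on the command line, that Apache honours .htaccess files under wp-content/uploads (or that the admin pastes the block into the vhost config), that the files are owned by a deploy user rather than the web-server user, that PHP loads snippets from /etc/php/conf.d (a hypothetical path), and that WP-CLI (`wp`) is installed for the upgrade step. The .htaccess match is handler-independent, so it works with mod_php and php-fpm alike, and it also catches double extensions such as shell.php.jpg that a plain "\.php$" pattern would miss; the two check functions let you confirm the tree is clean and locked before and after.

```shell
#!/bin/sh
# Added example: applies the storm.ca hardening steps to a WordPress tree and
# checks that they took. Assumptions (not from the article): $2 is the
# WordPress root; Apache honours .htaccess under wp-content/uploads; files are
# owned by a deploy user, not the web-server user; /etc/php/conf.d is where
# PHP loads extra ini snippets; WP-CLI ("wp") is available for step 5.

# Step 2: deny serving, and therefore executing, anything PHP-like under
# wp-content/uploads. "(\.|$)" after the extension also catches shell.php.jpg.
# "php_flag engine off" is deliberately not used: under php-fpm the directive
# is unknown to Apache and every request in the tree would return 500.
write_uploads_htaccess() {
    uploads="$1/wp-content/uploads"
    mkdir -p "$uploads"
    cat > "$uploads/.htaccess" <<'EOF'
<FilesMatch "\.(php[0-9]?|phtml|phar|phps)(\.|$)">
    Require all denied
</FilesMatch>
EOF
}

# Detection check for the same tree: any PHP-like file under uploads is
# suspect whatever .htaccess says. Prints the hits and returns 1 if any.
uploads_clean() {
    hits=$(find "$1/wp-content/uploads" -type f \( -name '*.php' -o -name '*.php.*' \
        -o -name '*.php[0-9]' -o -name '*.phtml' -o -name '*.phar' -o -name '*.phps' \))
    [ -z "$hits" ] || { printf '%s\n' "$hits" >&2; return 1; }
}

# Step 3: strip group/other write from wp-content. The owning deploy user
# keeps write so updates can still be applied by hand; if the web-server
# user is that owner, this changes nothing and ownership must be fixed first.
lock_wp_content() {
    find "$1/wp-content" -type d -exec chmod 755 {} +
    find "$1/wp-content" -type f -exec chmod 644 {} +
}

# Returns 0 only when nothing under wp-content is writable by group or others.
wp_content_locked() {
    hits=$(find "$1/wp-content" \( -perm -g+w -o -perm -o+w \))
    [ -z "$hits" ] || { printf '%s\n' "$hits" >&2; return 1; }
}

# Step 4: turn off remote file access in a conf.d snippet ($1) instead of
# editing php.ini in place; "php -i | grep allow_url" confirms it loaded.
write_php_hardening_ini() {
    cat > "$1" <<'EOF'
; Neither include/require nor fopen should be able to reach out over HTTP.
allow_url_fopen = Off
allow_url_include = Off
EOF
}

# True when snippet $1 sets directive $2 to Off/0/false (trailing ; comment ok).
ini_disables() {
    grep -Eiq "^[[:space:]]*$2[[:space:]]*=[[:space:]]*(off|0|false)[[:space:]]*(;.*)?$" "$1"
}

# Step 5 (and a starting point for step 1): list inactive plugins for review,
# then bring core and every plugin to current. Run as the deploy user.
update_wordpress() {
    wp --path="$1" plugin list --status=inactive
    wp --path="$1" core update && wp --path="$1" plugin update --all
}

# Apply everything: sh harden-wp.sh apply /var/www/wordpress
if [ "${1:-}" = "apply" ] && [ -d "${2:-}" ]; then
    write_uploads_htaccess "$2"
    lock_wp_content "$2"
    write_php_hardening_ini /etc/php/conf.d/99-wp-hardening.ini
    uploads_clean "$2" && wp_content_locked "$2" && update_wordpress "$2"
fi
```

The two check functions are the part worth keeping around after the cleanup: a PHP file appearing under uploads, or wp-content becoming group- or world-writable again after a plugin "self-update", is exactly the condition that let the storm.ca compromise happen, and both are cheap to run from cron.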
Security holes in WordPress have been around for quite some time. In fact, compromised WordPress sites were blamed for the largest infection of Mac computers ever: the Flashback malware that infected 700,000 Macs in 2012.

For more:
- read Larsen's blog
- check out the Kaspersky Lab blog

Related Articles:
Hackers using Dropbox, Wordpress to distribute malware
Researchers bypass Dropbox's two-factor authentication, steal data

Recent password breaches that compromised nearly two million accounts at Facebook, Google, LinkedIn, Twitter, Yahoo and other websites underscore the need for multifactor authentication and fraud detection, says Centrify CEO Tom Kemp.

Earlier this month, Trustwave security researchers found compromised usernames and passwords for more than 93,000 websites on a server in the Netherlands. Trustwave said that the data was probably collected through the data-stealing "Pony" malware.

To thwart cybercriminals who steal passwords, "we need to move beyond passwords and try to introduce some other factor to validate and verify that the user is really the right user," Kemp tells FierceITSecurity.

"When you initially enroll [on a website], you should be able to register devices--have some form of certificate on the device, or the characteristics of the device or the browser should be known by the website operator, as well as the IP address," he explains. "When users do the initial setup, they acknowledge that the device itself is trusted. Then, if there is access from an untrusted device, an email would be sent to a separate account" to verify the identity of the user.
"The hacker would not only have to hack the website but also the email account, which would be more difficult," Kemp says.

In addition, website owners need to employ the fraud detection methods used in the credit card industry. "Websites should apply some better password policies in terms of looking at abnormalities that are happening. Credit card companies do a good job at saying, 'This transaction is out of the range or from a different location, so we need to temporarily block access'," Kemp relates.

"Finally, there needs to be evangelism with consumers and end users about using the same passwords and other bad password habits," he adds.

Kemp concludes: "If you implement a series of small steps, you can get a 5, 10 or 15 percent security improvement, which can mean savings of hundreds of millions of dollars from theft and fraud."

For more:
- read the Trustwave blog
- check out the Centrify website

Related Articles:
Infographic: What happens after a data breach occurs?
Passwords aren't so bad, say security practitioners
vBulletin admits network was breached, personal information of users stolen

The network security appliance (NSA) market saw three percent year-over-year growth in the third quarter and flat sequential growth, according to the latest stats from Dell'Oro Group. While the small and medium-size business (SMB) firewall segment declined, the content security and Secure Sockets Layer (SSL) virtual private network segments increased, Dell'Oro notes.

"Unit shipment levels in the Firewall--SMB segment are substantial, so even small fluctuations in average selling prices can have an impact. That is exactly what we saw this quarter. SMB firewall revenue declined in the low single digits, as ASPs fell on flat sequential unit shipments," says Casey Quillin, senior analyst of data center appliance market research at Dell'Oro Group.
"Although it was a flat quarter for the total NSA market, the content security and SSL VPN segments did post positive revenue growth, with almost every vendor in these two segments realizing positive sequential sales. Content security was of particular note, as revenues in the third quarter were the highest since we began tracking the segment," adds Quillin.

A recent report by Infonetics finds that the network security appliance and software market increased four percent sequentially in the second quarter to $1.6 billion. Infonetics forecasts that the integrated NSA segment will grow every quarter through the second quarter of next year, while the standalone network security segment is forecast to stall.

"Buyers are looking to consolidate security platforms wherever they can. The resulting contraction in standalone security products is directly attributed to two things: customers moving to integrated product solutions that support the functions of the original standalone products with adequate performance and security, and customers transitioning away from product-centric security rollouts to hosted/SaaS solutions," notes Jeff Wilson, principal analyst for security at Infonetics.

For more:
- see the Dell'Oro release
- check out the Infonetics stats

Related Articles:
SDN market on track to increase by six-fold
Microsoft leads growing SaaS content security market, says Infonetics
Check Point, Fortinet gain on network security appliance leader Cisco

Attacks against the domain name system are on the rise, with a 200 percent increase in DNS attacks over the last year, according to data from Prolexic. A few months ago, there was a rash of DNS hijacking attacks against customers of Network Solutions by a pro-Palestinian group, which redirected traffic from the customers' websites to its own website.
In addition, attackers are able to abuse the DNS itself to launch distributed denial of service attacks, for example by bouncing spoofed queries off open resolvers so that amplified responses flood the target with traffic. "DDoS challenges have spiked for enterprises in 2013 ... An increase of higher-volume and application-based DDoS attacks on corporate networks will force Chief Information Security Officers (CISOs) and security teams to find new, proactive solutions for reducing downtime," observes Gartner analyst Lawrence Orans.

Network security firm Infoblox details the increasing threats to DNS in an informative infographic.

Image: Infoblox

The need to maintain secure networks and increasing Gigabit Ethernet speeds are driving demand in the network monitoring switch market, which Frost & Sullivan forecasts will reach $3.8 billion in revenues by 2020, up from $459.6 million this year. Currently available network monitoring switches are not able to monitor networks running at 100 Gigabit Ethernet speeds, notes Frost & Sullivan. Network monitoring switches, also known as network packet brokers, improve network security by aggregating and filtering the packets traveling across the corporate network so that monitoring and security tools see the traffic they need.

"Switch vendors are focusing on building new architecture that can hold several chassis in order to handle higher Gigabit Ethernet rates. Designing intelligent switches to cater to high bandwidth speeds and capture the right data for analysis is also crucial for market growth," says Sujan Sami, measurement and instrumentation industry manager at Frost & Sullivan.

One challenge identified by Frost is a lack of enterprise awareness about the features of network monitoring switches, forcing vendors to spend money on customer training, brand recognition campaigns, trade shows and events.
Despite this lack of awareness, Frost expects the enterprise end-user segment to see high growth rates due to infrastructure development, especially in countries in Asia-Pacific and Latin America. "Consolidation will provide added opportunities for vendors to expand product portfolios and gain market share. In fact, mergers and acquisitions will be rampant in the near future in the global network monitoring switches market," predicts Sami.

For more:
- check out Frost's release

Related Articles:
Microsoft, Mozilla, Opera say 'Non' to French agency certificates
Proactive security will be watchword for enterprises next year
CISOs often neglect supply chain security, warns HP