This past weekend we found ourselves at WordCamp San Diego…and it was classy. This came as no surprise as the WordCamp theme was “Stay Classy,” a line taken from the comedy gem Anchorman set in the same city. SiteLock was a Gold sponsor (classy!) and along with our seasoned WordCamp goer Adam Warner, our own Web Security Consultant Managers, JC Bustillos and Evan Richardson, also attended the event.
We recently discussed a particularly sneaky piece of malware that’s been disguising itself as fake plugin and targeting Joomla! users. While this phenomenon is not unique to the Joomla! content management system, SiteLock has discovered a recent trending fake plugin for WordPress, one of the world’s largest open source applications.
The fake plugin the SiteLock Research team found is called WP-Base-SEO. It is a forgery of a legitimate search engine optimization plugin, WordPress SEO Tools. Malicious content was found in /wp-content/plugins/wp-base-seo/wp-seo-main.php. At first glance, the file appears to be legitimate, including a reference to the WordPress plugin database and documentation on how the plugin works.
Fake plugin header
This past weekend we found ourselves at WordCamp Atlanta, one of the largest WordCamps in the country. Because this event fell on the St. Patrick’s Day holiday, the theme was “Find your Pot of Gold with WordPress.” This theme was pervasive throughout the entire weekend, even the various speakers built this theme into their sessions!
SiteLock was lucky enough to sponsor the event (no pun intended) and Adam Warner, one of our staples in the WordPress community, had the pleasure of presenting his own story of finding WordPress.
Last year we published an #AskSecPro series where we explained how signature-based malware analysis works, as well as how traditional signatures are created. An area we don’t often talk about in public channels, but has played a pivotal role in SiteLock becoming a global leader in website security solutions, is our research and development efforts in new security technologies. In addition to our more traditional approaches to malware detection, SiteLock continues to explore new frontiers in technological improvement to push the field of security research forward. For some time SiteLock has been developing machine learning mechanisms as part of its process for discovering new malware iterations on an automatic basis. Our research in the field has shown that machine learning promises to be an important part of early malware detection and preliminary identification. One of the most significant breakthroughs we’ve had in machine learning as it pertains to malware detection and signatures, has been in feature-based signature analysis.
A Day of REST Boston was a one-day conference all about the WordPress REST API. Speakers included members of the team who are building the REST API, and developers using it in production websites. Attendees learned how to use the REST API for their projects, along with insights into best practices, tools, coding, and specific use cases.
In Part One of our #AskSecPro series on WordPress Database Security, we learned about the anatomy of WordPress. Now that we have a firm understanding of the role the WordPress MySQL database plays in a WordPress installation, we can take a look at the various ways an adversary can exploit the mechanisms involved. We’ll also explore some of the ways to defend your database against compromise.
Over the last few days you may have heard the term #Cloudbleed thrown around the water cooler. Some of the questions our customers are asking us include, “What is Cloudbleed?” and “Am I protected from Cloudbleed?” As your resident Security Professional, I’ll be glad to help you to understand what the Cloudbleed buzz is all about and how it may impact you.
— First, I want to be very clear that the Cloudbleed bug does NOT impact SiteLock TrueShield™ WAF/CDN. More below.
© Copyright 2017, SiteLock LLC.