WordPress, Joomla and Drupal sites threatened by CryptoPHP backdoor

A large proportion of websites are built on a CMS rather than raw HTML. Three of the most common are WordPress, Joomla and Drupal, and security researchers at Fox-IT warn that site administrators are at risk of being socially engineered into installing the CryptoPHP backdoor on their servers.
Distributed through pirated themes and plugins, CryptoPHP’s spread is thanks to the light-fingeredness of site admins. It was first detected in 2013 and is still actively spreading. The capabilities of the “well developed” backdoor include remote control of an infected server, and Blackhat SEO — a form of illegal search engine optimization.

Reseller Hosting

A lot of web hosting firms offer a reseller hosting service. With reseller hosting, the account owner rents out a portion of the disk space and bandwidth he receives to other end users. The account owner therefore acts as a hosting service provider to those end users.
In most reseller hosting packages, individual control panels are offered to end users. However, the end users of reseller hosting may not have the same level of technical support that other customers receive from established web hosting firms. This is because account owners of reseller hosting services are not required to have extensive knowledge of web hosting. In fact, most of the account holders of reseller hosting are entrepreneurs who are starting up their hosting business rather than experienced webmasters.

5 Ways Hackers Can Compromise “Secure” Credit Card Data.

E-commerce is based on trust – the trust that exists on the part of the merchant that he will be given legitimate credit card information and the trust on the part of the consumer that such information will be securely processed and stored. However, according to a study performed by Lexis Nexis in September 2013, this ideal scenario does not always define reality.

According to this study, approximately 12.6 million adults were victims of identity theft in 2012, costing consumers $21 billion and countless hours straightening out their accounts. Half of those polled said they would avoid making a subsequent purchase from the same small online merchant after experiencing such a security breach – in sharp contrast to the only 8% who said they would stop frequenting a large retail chain or the 19% who would stop buying from large, well-known online venues.

The Christmas shopping season, therefore, while it can be the greatest boon of the year to small online merchants, is also a time fraught with risk. Small merchants are easier to hack than large businesses, and a breach can be devastating enough to put some enterprises out of business. In addition to lost trust and sales, there may also be significant financial penalties in the form of chargeback fees. Merchants may even have their credit card accounts terminated.

However, small businesses do not have to be helpless victims in the face of credit card theft. And even if the holiday shopping season has already started, it’s not too late to make important changes. By knowing these 5 ways hackers can gain access to customer data, merchants can proactively take steps to protect their customers’ data and their business’ financial footing.

1. Network Weaknesses
One way hackers access sensitive data is by entering target computers through weak points in the network. While there is no such thing as a completely secure network, firewalls provide significant levels of protection and are the first line of defense against intruders. Merchants should make sure the firewall they choose is well-respected and regularly updated.

Firewalls by themselves, however, are insufficient. Other potential weaknesses can come through lesser-known channels, such as an unprotected or unencrypted router, unattended network connections that are left idle during holidays, weekends, or vacations, and even printers that are left on, inviting hackers to enter through their web interfaces.

2. Weak passwords
When a hacker does access a computer, he or she is not finished. The hacker then has to access the data, which often requires a password. While this should be an added layer of protection, default passwords, easy-to-guess combinations, or short and simple words are often employed, offering the hacker little more than an inconvenience. To be safe (and PCI-compliant), merchants should change their passwords regularly using hard-to-crack combinations of letters, numbers, and symbols.

3. Unencrypted information
Even if a hacker does access information, it is useless unless it is in a readable form. Using encryption is like putting information in code – only those that have the key can read it, even if they access it. Merchants should encrypt information at every stage of the process and never store unencrypted numbers on their servers.

4. Viruses and trojan horses
Another common hacking technique is to introduce a virus or a trojan horse into a computer or network device to record keystrokes or forward data that passes a certain point. To avoid this surreptitious harvesting, merchants should install and maintain rigorous anti-virus software, scan their systems regularly, and learn to identify the signs of scam e-mails and virus infections.

5. Locally-stored card numbers
A fifth way hackers find credit card data is by selecting targets that are likely to have the card number stored on the local server. A dedicated server with its own internet connection not only helps reduce the risk of hackers but also limits the number of people with physical access to the data. Small businesses should look for payment providers that store the customer’s credit card information securely on their own servers or on the cloud – never on the local server.
