Archive for September, 2013

September 26, 2013

What to do when your website has been hacked?

Has your website been hacked?  We’ve put together a brief tutorial to go over the steps that you will need to take within the first 24 hours of an attack. 

September 23, 2013

Hacking as a Service Poses a Threat to SMBs

At Quatrashield our Hacking as a Service offering includes both black box and white box penetration testing. What we don’t provide – under any circumstances – is a service that can be used by 3rd parties to hack into the websites or systems of someone else.

That’s not to say that Hacking as a Service is not a burgeoning and profitable business.   In fact, there are three unique service areas under the cyber-crime as a service umbrella:

1)      Password cracking:  Buyers provide a target’s name and email alias and then hire someone to retrieve the password on the account.

2)      Denial-of-service:  DoS attacks (or distributed denial-of-service [DDoS] attacks) send a large amount of traffic to the target, thereby disrupting normal service levels.

3)      Credit card fraud:  Hackers are hired to steal a victim’s credit card and/or other critical banking information.

 

September 16, 2013

CERT Advisory: Microsoft Internet Explorer allows remote attackers to execute arbitrary code or cause a denial of service.

We’re alerting blog readers to the following CERT advisory relating to Microsoft Internet Explorer:

CVE-2013-3206 – Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.”

For more information please refer to https://www.us-cert.gov/ncas/bulletins/SB13-259

September 3, 2013

Code red? Only 1 in 10 managers trust their applications’ security

A new report released by Quotium Technologies reveals a widespread concern about security flaws. Of the security managers interviewed, half believe their applications are vulnerable to attack. Other relevant data include:
* 80% believe off-the-shelf applications are not secure
* 11% trust their applications’ security level
* Approximately 50% do not know how often hackers have targeted their organization’s software.

September 1, 2013

Here’s why email poses a significant cyber threat to your business

Emails aren’t secure and there is no commercial solution in the marketplace to address this. Here’s why:

There are two obvious points of vulnerability with respect to email: the recipient and the sender. Most malware is designed to penetrate email accounts, and as we have mentioned in previous blogs, it is becoming increasingly easy to guess passwords.

The less obvious, but equally vulnerable, points of entry for a hacker are the network and the server. Say your service is Outlook.com and you send an email to someone using Gmail; these are two typical email providers for small businesses. Each connection between email providers involves multiple switches and routers, which are controlled by different entities. It only takes one of the networks to be vulnerable in order to expose your sensitive email to a third-party hacker. Similarly, the ISPs store your email on servers that are also constantly under hacker attack. As a general rule, ISPs do not spend the resources to encrypt the emails that are stored on their servers.

There are some companies with promising technologies to enable encryption, but at this point, we have not seen a solution that addresses the fundamental vulnerabilities described in this blog posting.