As the Syrian Civil War rages on, cybercrime activity emerging from the troubled state is reaching monstrous proportions. Syrian president Bashar al-Assad may be losing his hold on his people, but his loyal hacker team continues to wreak havoc worldwide, compromising numerous high-profile websites and social media accounts.
Forbes is the latest victim of the infamous Arab hacking group. The American business magazine’s website was recently vandalized, with the hackers posting hate-text on the home page. This was achieved by gaining access to the website’s WordPress panel.
The hackers are repeatedly “conquering” large websites thanks to numerous loopholes in Content Management System (CMS) plugins. The classic Cross-Site Scripting (XSS) technique has also been used extensively by the cybercriminals from the Middle East.
More and more media powerhouses are being targeted by the Syrian Electronic Army (SEA).
Checkmarx’s research lab has found glaring vulnerabilities in WordPress, the world’s leading Content Management System (CMS). The Security State of WordPress Top 50 Plugins study, published in June 2013, painted a very grim picture: 7 out of 10 popular e-commerce plugins (and 20% of the plugins overall) were vulnerable to SQL injection.
Here are a few safety tips all CISOs and InfoSec Managers should implement:
Besides these safe practices and precautions, website owners should prefer and support programmers who develop their programs in secure SDLC environments. While no software is completely hack-proof, baking security into plugin development significantly reduces the number of vulnerabilities the hackers can exploit. Hacktivism can be defeated.
Source – Forbes Hacked By SEA