Every business needs a website: someplace for customers to learn about your company, find contact information and get accustomed to your brand and products. And it's easier to set up a website now than ever before, thanks to dozens of available content management systems (CMS) like WordPress, Drupal, Joomla and ExpressionEngine.
But while CMSs support users during the creation and modification of digital content, they aren't exactly impervious to a cyberattack. In fact, more than a million WordPress sites are vulnerable to incursion via a popular plugin.
Below we will cover how to shore up your digital defenses to prevent a data leak from this vulnerable plugin. If you do suffer a data breach or cyberattack, a cyber insurance policy from CyberPolicy can protect your business from the harmful financial damages.
The Gallery Gap
NextGen Gallery is a prevalent photo gallery management system used to upload and sort images to WordPress. It was developed in 2007 and sees over 1.5 million new downloads every year - you may even be a user yourself. If you are, now would be a good time to update NextGen Gallery.
Researchers discovered a "severe" SQL injection vulnerability that allows remote hackers to input malicious commands to the backend of your WordPress site.
"This vulnerability allows an unauthenticated user to grab data from the victim's website database, including sensitive user information," says researcher Slavco Mihajloski. "This is quite a critical issue. If you're using a vulnerable version of this plugin, update as soon as possible!"
If you don't know, an SQL injection attack inserts a fragment of malicious SQL into a user-supplied field (such as an email address or password entry box), which the web application's database server then executes as a command (e.g. dump database contents to the attacker, leak passwords or secret keys, delete the database, etc.). In the case of NextGen Gallery, a hacker would need to employ a $container_ids string in order to implement the exploit.
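To make the mechanism concrete, here is an added example (not NextGen Gallery's code and not from the original article) showing an ID-list parameter pasted into a query next to a validated, parameterized version. Only the parameter name container_ids is borrowed from the text; the tables, queries and sample input are constructed for illustration and use Python's built-in sqlite3 so the example runs offline.

```python
import sqlite3

# Constructed request value standing in for hostile input.
CONSTRUCTED_INPUT = "0) UNION SELECT pass_hash FROM users --"


def make_db():
    # Constructed sample data: a gallery table plus an unrelated users table.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE gallery (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (login TEXT, pass_hash TEXT);
        INSERT INTO gallery VALUES (1, 'Summer'), (2, 'Winter'), (3, 'Spring');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db


def titles_vulnerable(db, container_ids):
    # BAD: the request string becomes part of the SQL text, so the database
    # parses whatever the client sent as statement syntax.
    sql = "SELECT title FROM gallery WHERE id IN (%s)" % container_ids
    return [row[0] for row in db.execute(sql)]


def titles_safe(db, container_ids):
    # GOOD: every item must parse as an integer (ValueError otherwise), and
    # the values are bound through placeholders, so they stay data and can
    # never change the structure of the statement.
    ids = [int(part) for part in container_ids.split(",")]
    marks = ",".join("?" * len(ids))
    sql = "SELECT title FROM gallery WHERE id IN (%s)" % marks
    return [row[0] for row in db.execute(sql, ids)]


if __name__ == "__main__":
    db = make_db()
    print("normal request :", titles_safe(db, "1,2"))
    print("vulnerable path:", titles_vulnerable(db, CONSTRUCTED_INPUT))
    try:
        titles_safe(db, CONSTRUCTED_INPUT)
    except ValueError as err:
        print("safe path rejected input:", err)
```

The vulnerable function returns a row from the users table for the constructed input, while the safe function rejects the same input before any query runs.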
Fortunately, there is a simple solution:
Finally, invest in a cyber insurance policy. In the event some crafty hacker makes away with your precious data, CyberPolicy can assist with the cost of data retrieval, cyber extortion, business downtime and so much more.
Interested in learning more about cyber insurance policies? Get your free quote today!