Joomla exploit doing rounds, users advised to update
Posted on 14 August 2013.
Users who run their own sites on the Joomla CMS but haven't updated it in a while should do so immediately if they don't want to see their sites compromised and hosting malicious content, warns Versafe.


In a recently released report, the company's researchers have noted the existence and the current active use of an exploit that allows attackers to easily gain control of the targeted system.

By investigating the logs from several of the compromised servers, the researchers discovered that all attacks originated from the same source (IP addresses in China), that the same exploit was used against all systems, and that the shell takeover and malicious content upload were automated and executed within a short timeframe, leading them to believe that the attackers were using a new zero-day exploit.

As it turns out, they were right: the vulnerability the exploit took advantage of allowed the attackers to upload a backdoor by simply adding a "." at the end of PHP filenames.

Luckily for Joomla users, the flaw has been patched, and they can pull themselves out of danger by upgrading to version 2.5.14 or 3.1.5.
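As an added example (not taken from the Versafe report or from Joomla's code), the Python below shows why an upload check that only looks at the text after the last dot misses a name such as `shell.php.`, alongside a hardened filter and an audit for files already on disk. The function names and both extension lists are assumptions made for illustration.

```python
import os

# Assumptions: extensions the server may run as PHP, and a constructed allowlist.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "pht"}
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf"}


def naive_is_blocked(filename):
    """Weak check: judges only the text after the last dot."""
    ext = filename.rsplit(".", 1)[-1].lower()
    return ext in EXECUTABLE_EXTS  # "shell.php." yields ext "" and slips through


def safe_upload_name(filename):
    """Hardened check: return the normalised name to store, or None to reject."""
    name = os.path.basename(filename.replace("\\", "/"))
    # Trailing dots, spaces and NULs carry no extension; drop them before judging.
    name = name.rstrip(". \t\r\n\x00")
    parts = name.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        return None  # no extension, or a dotfile such as ".htaccess"
    if any(p in EXECUTABLE_EXTS for p in parts[1:]):
        return None  # executable segment anywhere, e.g. "x.php.jpg"
    return name if parts[-1] in ALLOWED_EXTS else None


def find_trailing_dot_scripts(root):
    """Audit: files under root named like an executable script plus trailing dots."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            stripped = f.rstrip(". ")
            ext = stripped.rsplit(".", 1)[-1].lower()
            if stripped != f and "." in stripped and ext in EXECUTABLE_EXTS:
                hits.append(os.path.join(dirpath, f))
    return sorted(hits)


if __name__ == "__main__":
    for sample in ("shell.php", "shell.php.", "photo.JPG.", "x.php.jpg"):  # constructed
        print(sample, naive_is_blocked(sample), safe_upload_name(sample))
```

Running `find_trailing_dot_scripts` over a site's upload directories after patching helps confirm that no such file was left behind before the update.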

"Owning a website comes with responsibilities and unless you're prepared to do all the work yourself, I recommend that you choose a managed service provider," Malwarebytes' Jerome Segura advises those who want to keep safe but don't want to think about it.

"You spend a little more money, but at least the site and all its components (CMS, and Linux/Apache/MySQL/PHP) will be taken care of, leaving you with the sole job of adding content to the site (the fun part)."









Copyright 1998-2014 by Help Net Security.