Joomla exploit doing rounds, users advised to update
Posted on 14 August 2013.
Users who run their own sites on the Joomla CMS but haven't updated it in a while should do so immediately if they don't want to see their sites compromised and hosting malicious content, warns Versafe.


In a recently released report, the company's researchers have noted the existence and the current active use of an exploit that allows attackers to easily gain control of the targeted system.

By investigating the logs from several of the compromised servers, the researchers discovered that all attacks originated from the same source (IP addresses in China), that the same exploit was used against all systems, and that the upload of a takeover shell and malicious content was automated and executed within a short timeframe, which led them to believe that the attackers were using a new zero-day exploit.

As it turns out, they were right: the vulnerability the exploit took advantage of allowed the attackers to upload a backdoor by simply adding a ‘.’ at the end of PHP filenames.

Luckily for Joomla users, the flaw has been patched, and they can pull themselves out of danger by upgrading to version 2.5.14 or 3.1.5.
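Upgrading does not remove files that were already uploaded, so a check of writable directories for names of the kind described above is worth running. The following is an added example, not code from Versafe or the Joomla project; the extension list, the `uploads/` sample tree and the "naive" last-dot check are assumptions used for illustration.

```python
import os
import tempfile

# Assumption: extensions a PHP handler may be configured to execute.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "pht"}
TRAILING = ". \t"  # characters that can hide the real extension


def naive_extension(filename):
    """Extension as a simple last-dot split sees it (empty for 'x.php.')."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def effective_extension(filename):
    """Extension after trailing dots and whitespace are stripped."""
    trimmed = filename.rstrip(TRAILING)
    return trimmed.rsplit(".", 1)[-1].lower() if "." in trimmed else ""


def is_suspicious(filename):
    """True when a name carries trailing dots yet resolves to a PHP extension."""
    has_trailing = filename != filename.rstrip(TRAILING)
    return has_trailing and effective_extension(filename) in PHP_EXTENSIONS


def find_suspicious_uploads(root):
    """Walk a directory tree and return relative paths of suspicious files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_suspicious(name):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def demo():
    """Run the scan over a constructed sample tree (not real incident data)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "uploads"))
        for rel in ("index.php", "uploads/photo.jpg",
                    "uploads/notes.txt.", "uploads/gallery.php."):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return find_suspicious_uploads(root)


if __name__ == "__main__":
    for path in demo():
        print("suspicious:", path)
```

Any hit should be reviewed by hand and compared against the site's known-good file list before it is deleted.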

"Owning a website comes with responsibilities and unless you’re prepared to do all the work yourself, I recommend that you choose a managed service provider," Malwarebytes' Jerome Segura advises those who want to keep safe but don't want to think about it.

"You spend a little more money, but at least the site and all its components (CMS, and Linux/Apache/MySQL/PHP) will be taken care of, leaving you with the sole job of adding content to the site (the fun part)."









Copyright 1998-2014 by Help Net Security.