Joomla exploit doing rounds, users advised to update
Posted on 14 August 2013.
Users who run their own sites on the Joomla CMS but haven't updated it in a while should do so immediately if they don't want to see their sites compromised and hosting malicious content, warns Versafe.


In a recently released report, the company's researchers have noted the existence and the current active use of an exploit that allows attackers to easily gain control of the targeted system.

By investigating the logs from several of the compromised servers, the researchers discovered that all attacks originated from the same source (IP addresses in China), that the same exploit was used against all systems, and that the upload of the takeover shell and malicious content was automated and executed within a short timeframe, leading them to believe that the attackers were using a new zero-day exploit.

As it turns out, they were right: the vulnerability the exploit took advantage of allowed the attackers to upload a backdoor by simply adding a ‘.’ at the end of PHP filenames.

Luckily for Joomla users, the flaw has been patched, and they can pull themselves out of danger by upgrading to version 2.5.14 or 3.1.5.
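
The following PHP is an added example, not Joomla's code or its actual patch. It shows why a trailing '.' can slip past an upload check that looks only at the text after the last dot, next to a stricter check. The function names, the extension lists and the sample filenames are assumptions made for illustration, and the stricter check goes slightly beyond the case in the article by also rejecting a blocked extension in any position of the name.

```php
<?php
// Added example: hypothetical upload filename checks, not Joomla's implementation.

const BLOCKED_EXT = ['php', 'php3', 'php4', 'php5', 'phtml', 'phar']; // assumed blocklist
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];             // assumed allowlist

// Naive check (assumed): inspects only the text after the last dot.
// For "shell.php." that text is the empty string, so the blocklist never matches.
function naive_is_safe(string $name): bool
{
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return !in_array($ext, BLOCKED_EXT, true);
}

// Stricter check: validate the name exactly as it would be stored.
function hardened_is_safe(string $name): bool
{
    // Reject empty names, control characters and path separators.
    if ($name === '' || preg_match('/[\x00-\x1f\/\\\\]/', $name)) {
        return false;
    }
    // Reject names that end in dots or whitespace instead of silently trimming them.
    if (rtrim($name, ". \t") !== $name) {
        return false;
    }
    // Every dot-separated segment after the base name must be free of blocked extensions.
    $parts = explode('.', strtolower($name));
    array_shift($parts);
    if ($parts === []) {
        return false; // no extension at all
    }
    foreach ($parts as $part) {
        if (in_array($part, BLOCKED_EXT, true)) {
            return false;
        }
    }
    // The final extension must be on the allowlist.
    return in_array(end($parts), ALLOWED_EXT, true);
}

// Constructed sample filenames.
foreach (['photo.jpg', 'shell.php', 'shell.php.', 'shell.PHP. ', 'shell.php.jpg'] as $n) {
    printf("%-16s naive=%-5s hardened=%s\n", var_export($n, true),
        naive_is_safe($n) ? 'allow' : 'block',
        hardened_is_safe($n) ? 'allow' : 'block');
}
```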

"Owning a website comes with responsibilities and unless you’re prepared to do all the work yourself, I recommend that you choose a managed service provider," Malwarebytes' Jerome Segura advises those who want to keep safe but don't want to think about it.

"You spend a little more money, but at least the site and all its components (CMS, and Linux/Apache/MySQL/PHP) will be taken care of, leaving you with the sole job of adding content to the site (the fun part)."








