Last December, Patchman announced it was bringing automated core CMS patching to eCommerce applications. Adding to their already robust eCommerce portfolio, we are pleased to announce that Patchman is now offering automated core CMS patching for PrestaShop. PrestaShop is a free open source eCommerce application designed to make online stores accessible to businesses of all shapes and sizes. The application boasts over 270,000 active sites and a community of over 1 million users in 195 countries. Through partnerships with industry leaders like Google and PayPal, PrestaShop’s mission is to help all businesses build a successful online storefront.
Author: Jessica Ortega Page 2 of 3
Last week, WordPress released version 4.9.5 — a security and maintenance release. This release addressed three major security vulnerabilities and 25 other bugs. These vulnerabilities are considered low severity, and are part of an overall mission at WordPress to further enhance the security of the core application.
On March 28, 2018 Drupal released a highly critical security update affecting Drupal sites using version 7.x and 8.x. This security update addresses a critical vulnerability impacting approximately 1 million websites that could allow attackers to exploit multiple access points and take control of Drupal sites. In order to address the issue, Drupal has released two new versions and is recommending that all Drupal sites be updated as soon as possible.
On March 13, 2018, Joomla! released a security update in version 3.8.6. This update addresses a SQLi vulnerability found in the User Notes component. The notes section allowed for malicious code to be passed to the database. The update released by Joomla! limits input into the notes field to plain text and disallowing code. It is highly recommended that Joomla! users update their applications as soon as possible to address this vulnerability and avoid possible compromises. Thanks to its included continuous scanning, SiteLock Infinity users will have their applications patched quickly and automatically.
In addition to the SQLi vulnerability fix, version 3.8.6 included 60 other bug fixes and feature updates including:
- Session management improvements
- Hide configuration and system information from non-super users
- Delete existing passwords when user passwords are changed
- PHP 7.2 compatibility fixes
In order to take advantage of bug fixes and improved features, users must complete the full version upgrade even if they have patching services.
If you’re interested in automated patching services for your Joomla! site, contact us today and ask about SiteLock Infinity. We are available 24/7 at 855.378.6200.
Your website is offline and in its place is a message that says “Please contact your hosting provider for details.” Panic sets in, what does this mean? Why is this happening? How do I get the website back online? These questions and more begin to race through your mind.
Let’s start with what this means. Your website has been suspended, which means the hosting provider has temporarily taken it offline. Website hosts often suspend websites for a myriad of reasons ranging from malware to spam. They suspend websites when needed to protect their servers that host tons of other websites, so they don’t get infected too.
Why is it happening? Unfortunately, thousands and thousands of websites are infected every day and yours was one of them. In fact, websites experience an average of 59 attacks per day, which is more than 21,500 per year.
The Joomla! team has been hard at work today releasing version 3.8.4, which contains multiple security updates and bug fixes. Specifically, four major security vulnerabilities were found in Joomla! core files. These vulnerabilities impact all Joomla! versions from 1.5 to 3.7. Three of the four vulnerabilities identified were cross site scripting (XSS) vulnerabilities found in modules and components within the core application. These vulnerabilities could potentially allow attackers to inject malicious code into otherwise legitimate website files. The fourth vulnerability, a SQL injection (SQLi) vulnerability, was identified in the post-install message and could have allowed attackers to inject malicious code into the Joomla! MySQL database.
On January 16, 2017 WordPress released version 4.9.2, which included several security updates, as well as bug fixes for all versions after WordPress 3.7. WordPress has reported that a cross-site scripting (XSS) vulnerability was found in a group of files used to play Flash videos, which was included with all WordPress versions after 3.7. However, because most browsers no longer require these files to play video content, upgrading to version 4.9.2 removes these files. Due to the nature of XSS vulnerabilities, it is highly recommended that WordPress users update their websites immediately to avoid possible compromise.
WordPress notes the following bug fixes and features in particular:
- Browser issues specific to Mozilla Firefox that prevented saving posts have been corrected.
- Widget settings will be restored when switching themes in the application settings.
SMART PLUS, SiteLock INFINITY, and Patchman users are protected from this security issue, as SMART/PATCH and the Patchman libraries have been updated with secure patches that protect plugins and themes reliant on their current versions. It is still advised that website owners plan full version upgrades as soon as possible to take advantage of the new features and full list of bug fixes in WordPress version 4.9.2.
For more information about how SiteLock can help protect your websites from vulnerabilities and malware, contact us at 855.378.6200. We are available 24/7/365 to help!
Last week Joomla! announced the release of version 3.8.3, which includes over 60 bug fixes and feature improvements. While the new updates don’t include any critical security changes, there are changes that prepare for Joomla! 4.x which is in the works for 2018 such as encryption support and support for PHP version 7.2. These changes will help to make future core releases of Joomla! more secure.
The update report also boasts updates to the core code base to make it cleaner and faster as well as improved search engine friendly URL functionality. The new functionality will give website owners additional control over their search engine friendly URLs and meta tags, making it easier to optimize websites for popular search engines. Categories, tags, and menus for posts also got a facelift allowing users to make posts easier to find on their websites. The biggest change in the new Joomla! version is multilingual site support, which allows content translation in a single interface within the Joomla! administration panel. For more information all of the bugs fixed in the Joomla! 3.8.3, you can review the full list on the Joomla! Github.
You can download the new version from Joomla.org right now, and if you’re not ready to complete the full feature upgrade our new SMART PLUS security solution includes full Joomla! support to ensure your sites are secure and free of malware.
WordPress released version 4.8.3 today, which includes a critical security patch. WordPress is advising that all versions 4.8.2 and earlier are vulnerable to SQL injection attack, and that all sites using WordPress should be updated immediately. The vulnerability in question is related to the $wpdb object where $wpdb->prepare() can create queries that allow attackers to inject malicious code into the MySQL database that powers the site. WordPress is reporting that the vulnerability does not impact core application files, but may impact plugins and themes that use WPDB. The security team has added hardening to prevent these add-ons from inadvertently creating the vulnerability.
We are recommending that all WordPress sites be updated immediately. If you have enabled automatic updates, these should complete within the next 24 hours. Additionally, all plugins and themes associated with your WordPress sites should be updated to their latest vendor provided versions. This will help to ensure your site is not compromised.
It is also recommended that you utilize a malware and vulnerability scanner, such as those provided with SiteLock INFINITY to prevent infections on your site.
Websites experience 22 attacks per day on average— that’s over 8,000 attacks per year, according to SiteLock data. A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets. Cybercriminals create specialized tools that scour the internet for certain platforms, like WordPress or Joomla, looking for common and publicized vulnerabilities. Once found, these vulnerabilities are then exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable site.