Category: Cybersecurity News Page 4 of 10

Malware

Joomla! Releases Security Update in Version 3.8.6

On March 13, 2018, Joomla! released a security update in version 3.8.6. This update addresses a SQL injection (SQLi) vulnerability found in the User Notes component. The notes section allowed malicious code to be passed to the database. The update released by Joomla! limits input into the notes field to plain text and disallows code. It is highly recommended that Joomla! users update their applications as soon as possible to address this vulnerability and avoid possible compromises. Thanks to its included continuous scanning, SiteLock Infinity users will have their applications patched quickly and automatically.

In addition to the SQLi vulnerability fix, version 3.8.6 included 60 other bug fixes and feature updates including:

    • Session management improvements
    • Hide configuration and system information from non-super users
    • Delete existing passwords when user passwords are changed
    • PHP 7.2 compatibility fixes

In order to take advantage of bug fixes and improved features, users must complete the full version upgrade even if they have patching services.

If you’re interested in automated patching services for your Joomla! site, contact us today and ask about SiteLock Infinity. We are available 24/7 at 855.378.6200.

SiteLock Threat Intercept

Threat Intercept: Fake IonCube Malware Found in the Wild

THREAT SUMMARY

 

Medium Threat

Category: PHP Eval Request

First Identifiable Data: 02/01/2018

CVD ID: N/A


Vector: Multiple


While reviewing an infected site, the SiteLock Research team found a number of suspiciously named, obfuscated files that appear almost identical to legitimate ionCube-encoded files. We determined the suspicious ionCube files were malicious, and found that hundreds of sites and thousands of files were affected. We will discuss the defining features of the malware, its purpose, and mitigation for infected sites.


Malware

Drupal Releases Critical Security Updates

Last week Drupal released version 8.4.5, which addressed several critical security vulnerabilities. The Drupal development team is urging all Drupal sites to upgrade immediately to avoid possible exploitation of these vulnerabilities in the core application.


Web Application Security

Alert: Joomla! 3.8.4 Released Today With Important Security Updates

The Joomla! team has been hard at work today releasing version 3.8.4, which contains multiple security updates and bug fixes. Specifically, four major security vulnerabilities were found in Joomla! core files. These vulnerabilities impact all Joomla! versions from 1.5 to 3.7. Three of the four vulnerabilities identified were cross-site scripting (XSS) vulnerabilities found in modules and components within the core application. These vulnerabilities could potentially allow attackers to inject malicious code into otherwise legitimate website files. The fourth vulnerability, a SQL injection (SQLi) vulnerability, was identified in the post-install message and could have allowed attackers to inject malicious code into the Joomla! MySQL database.


sitelock podcast

Decoding Security 109: New Year’s Resolutions

If your New Year’s resolution is to protect yourself from cyberattacks, you’re in luck! This week on Decoding Security, security analysts Jessica Ortega and Ramuel Gall share their predictions for the top cybercrime trends in 2018. Our hosts also identify ways you can arm yourself against these ever-evolving threats. We don’t want to give away their predictions, but we’ll give you a hint: if your holiday gifts included a digital assistant like Amazon Alexa or Google Home, be sure to tune in!

We’ll also catch you up on the latest cybersecurity news, including the 25 Worst Passwords of 2017 and a leaky server that exposed 300,000 email addresses and login credentials from Ancestry.com.

Happy New Year from SiteLock and Decoding Security! Our New Year’s resolution is to continue to bring you a fun and informative podcast, so make sure you keep up by subscribing on YouTube, iTunes, or Google Play!

Malware

Joomla! Core Update 3.8.3 Released

Last week Joomla! announced the release of version 3.8.3, which includes over 60 bug fixes and feature improvements. While the new updates don’t include any critical security changes, some of them, such as encryption support and support for PHP version 7.2, prepare for Joomla! 4.x, which is in the works for 2018. These changes will help to make future core releases of Joomla! more secure.

The update report also boasts updates to the core code base to make it cleaner and faster, as well as improved search engine friendly URL functionality. The new functionality will give website owners additional control over their search engine friendly URLs and meta tags, making it easier to optimize websites for popular search engines. Categories, tags, and menus for posts also got a facelift, allowing users to make posts easier to find on their websites. The biggest change in the new Joomla! version is multilingual site support, which allows content translation in a single interface within the Joomla! administration panel. For more information on all of the bugs fixed in Joomla! 3.8.3, you can review the full list on the Joomla! GitHub.

You can download the new version from Joomla.org right now, and if you’re not ready to complete the full feature upgrade, our new SMART PLUS security solution includes full Joomla! support to ensure your sites are secure and free of malware.

The SiteLock Website Security Insider Q3 2017

Announcing The SiteLock Website Security Insider Q3 2017

SiteLock is proud to share the latest installment of our quarterly security report, The SiteLock Website Security Insider Q3 2017!

Featuring exciting new research, the SiteLock Website Security Insider Q3 2017 reveals that cybercriminals continue to become more ambitious. This confirms what we concluded in Q2 2017: that website owners are more likely than ever to experience a cyberattack.


SiteLock Website Security Insider

Introducing the SiteLock Website Security Insider

SiteLock is excited to announce the publication of its first quarterly website security report, The SiteLock Website Security Insider Q2 2017!

The SiteLock Website Security Insider Q2 2017 includes analysis and trends based on proprietary data from over 6 million websites. The report delivers exclusive insight into the most common threats website owners faced in Q2 2017, including:


Malware

Apache Struts Vulnerability Found and Patched

A vulnerability was recently discovered in Apache Struts, a popular framework for web-based Java applications, which allows for remote code execution on affected servers and allows for complete control of the application. The framework is commonly used by large, sophisticated organizations such as Lockheed Martin and Citigroup, meaning the vulnerability could affect up to 65% of Fortune 100 companies, resulting in large-scale data breaches and private consumer data theft.

Found by lgtm.com security researcher Man Yue Mo, the vulnerability stems from unsafe deserialization of user-supplied data to the REST plugin, which allows API access to the Java application. Researchers contacted the Apache Foundation directly, allowing the plugin developers to patch the issue before widespread exploitation. As of this writing, at least one live exploit has been seen in the wild, and a Metasploit module was released.

Apache Struts joins a growing fraternity of widely used applications to see an API vulnerability this year, including WordPress and Instagram. WordPress shared a similar experience where the exploit was discovered before widespread attacks, but many users failed to update and suffered compromise and data loss. The Struts vulnerability is more complicated to exploit, which should result in a less dramatic rise in attacks. Regardless, patches should be applied as soon as possible, as a proactive security stance is more effective.

Apache Struts users are urged to upgrade to version 2.3.34 or 2.5.13, respectively. Additional information is provided by Apache on the official Struts webpage at https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.34 and https://struts.apache.org/announce.html#a20170905.

More sophisticated exploits are likely to occur as this vulnerability is examined. The best option for mitigation is to patch Struts as soon as possible to the recommended versions and regularly check for updates. Website owners should also consider adding a web application firewall and malware scanner to mitigate or reduce the severity of compromise.

SiteLock TrueShield customers are already protected against this exploit. Attempted attacks will be caught and blocked by the TrueShield WAF. If your website isn’t protected, call SiteLock at 888.878.2417 to get TrueShield installed today.

rnc data breach web security best practices

The RNC Data Breach: Pitfalls of Neglecting Web Security Best Practices

In a recent security report, researchers revealed an unsecured archive of US voter data collected by Deep Root Analytics, a data firm connected to the Republican National Convention (RNC). The exposed data — which included full names, addresses, and phone numbers of 198 million registered voters — was uncovered by a security researcher in an internet-accessible database with no password protection or any other security measures. The database has been secured at the time of this writing, but it remains unclear how long this data was exposed to the internet.

It may be easy to assume exposures of this nature are an inevitability. After all, a data analytics firm associated with a major political party sounds like a clear target for bad actors. However, the data was discovered by a researcher performing unrelated searches through Amazon’s S3 infrastructure for any unprotected data, not targeted attacks against Deep Root Analytics or even voter data in particular. This fact underscores a critical necessity of the Internet: prioritize the security of your data at all stages of its life cycle. Your data needs to be secure where it’s stored, during network transit, and when it’s in the hands of third parties. This data leak in particular was the result of the RNC failing to properly ensure the security of their data in the hands of a third party contractor.
