Tag: Joomla (Page 1 of 2)

CMS security update

Joomla! Releases Version 3.8.13 with Security Updates

Last week, Joomla! released version 3.8.13, which included five security updates for the 3.x series of Joomla!. All five of the vulnerabilities addressed are part of the Joomla! application core. Although all of the vulnerabilities are considered low priority, Joomla! is encouraging users to update their applications as soon as possible to avoid a compromise resulting from their exploitation. The vulnerabilities below were addressed:


CMS security update

Joomla! Releases 3.8.9 Including Security Updates

The newest version of Joomla!, version 3.8.9, was released on June 26, 2018. This version addresses two minor security vulnerabilities and several other bugs which caused errors in the application’s core.


CMS security update

Joomla! Releases Security Update in Version 3.8.8

Joomla! recently released version 3.8.8, which included nine security updates addressing various vulnerabilities as well as over 50 other bug fixes. Many of the security vulnerabilities impacted all versions of Joomla! from version 2.5.0 through 3.8.7, making application updates important to protecting sites using the open source platform.

Among the vulnerabilities are three cross-site scripting (XSS) vulnerabilities that impact different parts of the core Joomla! application. In addition to the low and moderate XSS vulnerabilities, there are six other low priority security issues addressed in the new version. These include addressing possibly vulnerable access to website data and field filtering for Joomla! components.


Website backups

SiteLock Reviews: Events We Love in 2018

SiteLock is passionate about the open-source community, and we are fortunate to attend a new content management system (CMS) event nearly every single weekend. These events include WordPress, Joomla!, and Drupal events. While we love every event we attend, we’ve rounded up some of our favorites from the past year so you can start marking the calendar for opportunities that fit your business or personal needs (hence the title—SiteLock Reviews: Events We Love in 2018). Each of these events is focused on education and networking, so whether you or your organization is an avid user of a CMS platform or seeking to expand your options in this category, these events provide the ideal setting for understanding best practices on a variety of topics such as coding, blogging, and security. As a bonus, even if you can’t attend, video recordings and live streams are available for most events.

We want you to attend these events too, so SiteLock has reviewed just SOME of our favorites:


SiteLock

Patchman Partners with Joomla! Security Strike Team

Since joining forces in July 2017, Patchman and SiteLock have shared the same vision of protecting every website on the internet. In November of 2017, that mission continued with the announcement of a partnership with the popular Content Management System (CMS) Joomla!. Now Patchman is proud to announce the next phase in that mission, by sponsoring a member of the Joomla! Security Strike Team (JSST). “The partnership with Patchman is very beneficial for the Joomla! security team, because it provides what our volunteer-based team needs the most: scheduled and continuous developer hours to triage new reports and develop patches,” says David Jardin, the JSST Team Lead.


Malware

Joomla! Releases Security Update in Version 3.8.6

On March 13, 2018, Joomla! released a security update in version 3.8.6. This update addresses a SQLi vulnerability found in the User Notes component. The notes section allowed malicious code to be passed to the database. The update released by Joomla! limits input into the notes field to plain text and disallows code. It is highly recommended that Joomla! users update their applications as soon as possible to address this vulnerability and avoid possible compromises. Thanks to its included continuous scanning, SiteLock Infinity users will have their applications patched quickly and automatically.

In addition to the SQLi vulnerability fix, version 3.8.6 included 60 other bug fixes and feature updates including:

  • Session management improvements
  • Hide configuration and system information from non-super users
  • Delete existing passwords when user passwords are changed
  • PHP 7.2 compatibility fixes

In order to take advantage of bug fixes and improved features, users must complete the full version upgrade even if they have patching services.

If you’re interested in automated patching services for your Joomla! site, contact us today and ask about SiteLock Infinity. We are available 24/7 at 855.378.6200.

JoomlaDay Florida 2018 – Building Community

Wait just a minute. A Joomla! event recap on a WordPress blog? Why? The better question is why not? At SiteLock, we’re big fans of all Open Source software and the amazing communities built around them. The Joomla! CMS is no exception. That’s why we sponsored and spoke at JoomlaDayFL this past weekend. It was an amazing event filled with informative sessions and a heavy focus on communicating the benefits and use cases of the software, and the larger community that surrounds it.


Web Application Security

Alert: Joomla! 3.8.4 Released Today With Important Security Updates

The Joomla! team has been hard at work today releasing version 3.8.4, which contains multiple security updates and bug fixes. Specifically, four major security vulnerabilities were found in Joomla! core files. These vulnerabilities impact all Joomla! versions from 1.5 to 3.7. Three of the four vulnerabilities identified were cross-site scripting (XSS) vulnerabilities found in modules and components within the core application. These vulnerabilities could potentially allow attackers to inject malicious code into otherwise legitimate website files. The fourth vulnerability, a SQL injection (SQLi) vulnerability, was identified in the post-install message and could have allowed attackers to inject malicious code into the Joomla! MySQL database.


Malware

Joomla! Core Update 3.8.3 Released

Last week Joomla! announced the release of version 3.8.3, which includes over 60 bug fixes and feature improvements. While the new updates don’t include any critical security changes, there are changes, such as encryption support and support for PHP version 7.2, that prepare for Joomla! 4.x, which is in the works for 2018. These changes will help to make future core releases of Joomla! more secure.

The update report also boasts updates to the core code base to make it cleaner and faster, as well as improved search engine friendly URL functionality. The new functionality will give website owners additional control over their search engine friendly URLs and meta tags, making it easier to optimize websites for popular search engines. Categories, tags, and menus for posts also got a facelift, allowing users to make posts easier to find on their websites. The biggest change in the new Joomla! version is multilingual site support, which allows content translation in a single interface within the Joomla! administration panel. For more information on all of the bugs fixed in Joomla! 3.8.3, you can review the full list on the Joomla! GitHub.

You can download the new version from Joomla.org right now, and if you’re not ready to complete the full feature upgrade, our new SMART PLUS security solution includes full Joomla! support to ensure your sites are secure and free of malware.

SiteLock Threat Intercept

Threat Intercept: Passwords Publicly Exposed by Malware

This article was co-authored by Product Evangelist Logan Kipp.

THREAT SUMMARY

High Threat

Category: Shell / Information Disclosure

Trend Identified: 4/20/2017

CVE ID: N/A

Trend Name: Trend Tusayan

Vector: Application Vulnerability, Multiple

The threat rating was determined using the following metrics:

Complexity:

LOW: The vectors used to infect websites appear to be well-documented vulnerabilities in older versions of website platforms.

Confidentiality Impact:

HIGH: This infection provides complete control of the target website, including credential disclosure and database contents.

Integrity Impact:

HIGH: This infection provides the adversary administrator-level access to impacted website applications, making total data loss a possibility.

The SiteLock team has discovered a dangerous malware trend that not only provides website administrator-level access to the bad actors involved, but also exposes sensitive website credentials publicly over the internet.

