
More on the serious and critical Joomla security vulnerability


November 2, 2016

It's reported today that attackers are already exploiting a dangerous privileged account creation security flaw in the Joomla content management system with attempts made on about 30,000 websites in the days after a security patch for the flaw was made available.

The security vulnerability, which allows anyone to create privileged accounts on Joomla websites, was first flagged in a scant Joomla pre-release notice warning administrators to prepare for a then-undescribed but critical security patch.

At the time, we warned that the mysterious security flaw would likely be exploited in the coming days and weeks as the respective patch is reverse-engineered.

Those attacks have eventuated faster than we predicted. Security analyst Daniel Cid says the attacks arrived in force three days after patching and were so large that any site that did not apply the patch has likely now been compromised.

"Less than 24 hours after the initial disclosure, we started to see tests and small pings on some of our honeypots trying to verify if this security vulnerability was present," Cid says, adding that attackers unsuccessfully targeted every Joomla site in Sucuri's network.

"In less than 36 hours after the initial disclosure, we started to see mass exploit attempts across the internet.

"In fact, because of the sharp increase, it's our belief that any Joomla website that has not been updated is most likely already compromised," he added.

Cid and his colleagues were able to reverse-engineer the security patch within a "few hours", creating an internal tool that could exploit the vulnerabilities (CVE-2016-8870, CVE-2016-8869) and upload backdoors to the affected sites.

He asserts that attackers began immediately probing for user.register tasks and creating unauthorised users. Hours later, IP addresses from Romania and Latvia began mass scanning thousands of sites, attempting to create the user db_cfg.

Joomla has been downloaded more than 75 million times and runs on big ticket sites including McDonalds, Ikea, General Electric, Linux.com, and major news sites.

WordPress leads the open-source content management pack with some 140 million downloads, but Joomla is also very popular, and appears to be gaining in its utilization by site creators.

"If you have not updated your Joomla site yet, you are likely already compromised," Cid says.

The engineer has detailed various indicators of specific compromise situations that administrators can look for to determine if their Joomla site was attacked.
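As a starting point for that kind of review, the sketch below scans web server access logs for the user.register requests described above. It is an added example, not code from the article or from Cid's team. It assumes a combined-format access log and that the task name appears in a `task` query parameter; the sample log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined log format (assumed): ip, timestamp, method, URL, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [26/Oct/2016:20:04:51 +0000] "POST /index.php/component/users/?task=user.register HTTP/1.1" 303 - "-" "python-requests"
192.0.2.10 - - [26/Oct/2016:20:04:53 +0000] "POST /index.php?option=com_users&task=user%2Eregister HTTP/1.1" 200 512 "-" "python-requests"
198.51.100.7 - - [26/Oct/2016:20:05:10 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.7 - - [26/Oct/2016:20:06:02 +0000] "POST /index.php?option=com_users&task=registration.register HTTP/1.1" 303 - "-" "Mozilla/5.0"
203.0.113.44 - - [27/Oct/2016:01:12:30 +0000] "POST /?task=User.Register HTTP/1.1" 404 209 "-" "curl/7.47"
""".splitlines()


def find_register_probes(lines):
    """Return {ip: [(timestamp, method, status), ...]} for requests whose
    'task' query parameter is user.register."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        # parse_qs percent-decodes values, so user%2Eregister is caught too.
        query = parse_qs(urlsplit(m["url"]).query)
        # Compare case-insensitively so case variants are not missed.
        tasks = [t.lower() for t in query.get("task", [])]
        if "user.register" in tasks:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)


if __name__ == "__main__":
    probes = find_register_probes(SAMPLE_LOG)
    # Noisiest sources first.
    for ip, events in sorted(probes.items(), key=lambda kv: -len(kv[1])):
        print(f"{ip}: {len(events)} user.register request(s)")
        for ts, method, status in events:
            print(f"  {ts} {method} -> {status}")
```

Access logs normally omit POST bodies, so a task name sent only in the body will not show up here; reviewing the site's user list for unexpected accounts such as the db_cfg user named above covers that gap.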

Source: The Bedfordshire Police Dept.

Copyright © Internet Security.ca