Vulnerabilities / Threats
8/14/2013
05:40 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Joomla Exploit Results In Thousands Of Infected Systems, Targeted Attacks Against EMEA Banks

Versafe report summarizes the discovery of a vulnerability that had put Web sites hosted on the Joomla content management system at risk of being hijacked

PHILADELPHIA, PA--(Marketwired - Aug 12, 2013) - Versafe today announced the publication of a Versafe Intelligence Brief entitled 'Joomla Exploit Enabling Malware, Phishing Attacks to be Hosted from Genuine Sites'. The report summarizes the discovery of a vulnerability that had put websites hosted on the Joomla content management system at risk of being hijacked for use in malware payload and phishing attacks. A forensics investigation of the exposed sites by researchers at the Versafe Security Operations Center also discovered a zero-day attack found in the wild, which enabled attackers to gain full control over the compromised systems. After disclosing details of the vulnerability to the Joomla Security Strike Team, a patch is now available on the Joomla! Developer Network for versions 2.5.x and 3.1.x of the platform, as well as a community-developed fix for 1.5.x.

"What brought this vulnerability to our attention was that we noticed a sharp increase in the number of phishing and malware attacks being hosted from legitimate Joomla-based sites," said Eyal Gruner, CEO of Versafe. "The series of attacks exploiting this vulnerability were particularly aggressive and widespread -- involved in over 50% of the attacks targeting our clients and others in EMEA -- and ultimately successful in infecting a great many unsuspecting visitors to genuine websites. Versafe is committed to helping Joomla protect its large community of platform users and end-users, through having shared key findings specific to this exploit."

Both the exploit and zero-day attacks were detected by the Versafe Security Operations Center -- leveraging its TotALL™ Online Fraud Protection Suite, a server-side malware and online threat protection solution -- that in several customer implementations had been deployed via F5 Network's BIG-IP® product suite, including the Application Security Manager™ (ASM™) web application firewall.

"There's no silver bullet for security, so F5 recommends a defense-in-depth approach," said Mark Vondemkamp, VP of Security Product Management and Marketing at F5. "By partnering with leading security-focused organizations such as Versafe, F5 is able to further enhance the protection capabilities offered by BIG-IP ASM and its other security solutions to benefit joint customers."

The report, which can be downloaded at www.versafe-login.com/?q=whitepapers-and-online-threats-research, provides a step-by-step description of how the attacks were initiated, from vulnerability assessment to server takeover and malware deployment.

About Versafe Versafe enables organizations to proactively ensure the integrity of each online customer relationship, protecting against the spectrum of malware and online threat types, across all devices, while being fully transparent to the end-user. Clients have actualized a significant decrease in the number and impact of malware, phishing, and other online attacks -- enabling step-change reduction in both fraud losses as well as an increase in fraud management efficiencies -- routinely yielding investment payback in just weeks. With over 30 customers internationally, Versafe is backed by Susquehanna Growth Equity.

For more information, please visit: www.versafe-login.com.

F5, BIG-IP, Application Security Manager, and ASM are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners. The use of the words "partner," "partnership," or "joint" does not imply a legal partnership relationship between F5 Networks and any other company.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-5704
Published: 2014-04-15
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."

CVE-2013-5705
Published: 2014-04-15
apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote attackers to bypass rules by using chunked transfer coding with a capitalized Chunked value in the Transfer-Encoding HTTP header.

CVE-2014-0341
Published: 2014-04-15
Multiple cross-site scripting (XSS) vulnerabilities in PivotX before 2.3.9 allow remote authenticated users to inject arbitrary web script or HTML via the title field to (1) templates_internal/pages.tpl, (2) templates_internal/home.tpl, or (3) templates_internal/entries.tpl; (4) an event field to ob...

CVE-2014-0342
Published: 2014-04-15
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.

CVE-2014-0348
Published: 2014-04-15
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option is enabled, allows remote attackers to login to arbitrary domain accounts by using the corresponding...

Best of the Web