Vulnerabilities / Threats
8/14/2013
05:40 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Joomla Exploit Results In Thousands Of Infected Systems, Targeted Attacks Against EMEA Banks

Versafe report summarizes the discovery of a vulnerability that had put Web sites hosted on the Joomla content management system at risk of being hijacked

PHILADELPHIA, PA--(Marketwired - Aug 12, 2013) - Versafe today announced the publication of a Versafe Intelligence Brief entitled 'Joomla Exploit Enabling Malware, Phishing Attacks to be Hosted from Genuine Sites'. The report summarizes the discovery of a vulnerability that had put websites hosted on the Joomla content management system at risk of being hijacked for use in malware payload and phishing attacks. A forensics investigation of the exposed sites by researchers at the Versafe Security Operations Center also discovered a zero-day attack found in the wild, which enabled attackers to gain full control over the compromised systems. After disclosing details of the vulnerability to the Joomla Security Strike Team, a patch is now available on the Joomla! Developer Network for versions 2.5.x and 3.1.x of the platform, as well as a community-developed fix for 1.5.x.

"What brought this vulnerability to our attention was that we noticed a sharp increase in the number of phishing and malware attacks being hosted from legitimate Joomla-based sites," said Eyal Gruner, CEO of Versafe. "The series of attacks exploiting this vulnerability were particularly aggressive and widespread -- involved in over 50% of the attacks targeting our clients and others in EMEA -- and ultimately successful in infecting a great many unsuspecting visitors to genuine websites. Versafe is committed to helping Joomla protect its large community of platform users and end-users, through having shared key findings specific to this exploit."

Both the exploit and zero-day attacks were detected by the Versafe Security Operations Center -- leveraging its TotALL™ Online Fraud Protection Suite, a server-side malware and online threat protection solution -- that in several customer implementations had been deployed via F5 Network's BIG-IP® product suite, including the Application Security Manager™ (ASM™) web application firewall.

"There's no silver bullet for security, so F5 recommends a defense-in-depth approach," said Mark Vondemkamp, VP of Security Product Management and Marketing at F5. "By partnering with leading security-focused organizations such as Versafe, F5 is able to further enhance the protection capabilities offered by BIG-IP ASM and its other security solutions to benefit joint customers."

The report, which can be downloaded at www.versafe-login.com/?q=whitepapers-and-online-threats-research, provides a step-by-step description of how the attacks were initiated, from vulnerability assessment to server takeover and malware deployment.

About Versafe Versafe enables organizations to proactively ensure the integrity of each online customer relationship, protecting against the spectrum of malware and online threat types, across all devices, while being fully transparent to the end-user. Clients have actualized a significant decrease in the number and impact of malware, phishing, and other online attacks -- enabling step-change reduction in both fraud losses as well as an increase in fraud management efficiencies -- routinely yielding investment payback in just weeks. With over 30 customers internationally, Versafe is backed by Susquehanna Growth Equity.

For more information, please visit: www.versafe-login.com.

F5, BIG-IP, Application Security Manager, and ASM are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners. The use of the words "partner," "partnership," or "joint" does not imply a legal partnership relationship between F5 Networks and any other company.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web