Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

8/14/2013
05:40 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Joomla Exploit Results In Thousands Of Infected Systems, Targeted Attacks Against EMEA Banks

Versafe report summarizes the discovery of a vulnerability that had put Web sites hosted on the Joomla content management system at risk of being hijacked

PHILADELPHIA, PA--(Marketwired - Aug 12, 2013) - Versafe today announced the publication of a Versafe Intelligence Brief entitled 'Joomla Exploit Enabling Malware, Phishing Attacks to be Hosted from Genuine Sites'. The report summarizes the discovery of a vulnerability that had put websites hosted on the Joomla content management system at risk of being hijacked for use in malware payload and phishing attacks. A forensics investigation of the exposed sites by researchers at the Versafe Security Operations Center also discovered a zero-day attack found in the wild, which enabled attackers to gain full control over the compromised systems. After disclosing details of the vulnerability to the Joomla Security Strike Team, a patch is now available on the Joomla! Developer Network for versions 2.5.x and 3.1.x of the platform, as well as a community-developed fix for 1.5.x.

"What brought this vulnerability to our attention was that we noticed a sharp increase in the number of phishing and malware attacks being hosted from legitimate Joomla-based sites," said Eyal Gruner, CEO of Versafe. "The series of attacks exploiting this vulnerability were particularly aggressive and widespread -- involved in over 50% of the attacks targeting our clients and others in EMEA -- and ultimately successful in infecting a great many unsuspecting visitors to genuine websites. Versafe is committed to helping Joomla protect its large community of platform users and end-users, through having shared key findings specific to this exploit."

Both the exploit and zero-day attacks were detected by the Versafe Security Operations Center -- leveraging its TotALL™ Online Fraud Protection Suite, a server-side malware and online threat protection solution -- that in several customer implementations had been deployed via F5 Network's BIG-IP® product suite, including the Application Security Manager™ (ASM™) web application firewall.

"There's no silver bullet for security, so F5 recommends a defense-in-depth approach," said Mark Vondemkamp, VP of Security Product Management and Marketing at F5. "By partnering with leading security-focused organizations such as Versafe, F5 is able to further enhance the protection capabilities offered by BIG-IP ASM and its other security solutions to benefit joint customers."

The report, which can be downloaded at www.versafe-login.com/?q=whitepapers-and-online-threats-research, provides a step-by-step description of how the attacks were initiated, from vulnerability assessment to server takeover and malware deployment.

About Versafe Versafe enables organizations to proactively ensure the integrity of each online customer relationship, protecting against the spectrum of malware and online threat types, across all devices, while being fully transparent to the end-user. Clients have actualized a significant decrease in the number and impact of malware, phishing, and other online attacks -- enabling step-change reduction in both fraud losses as well as an increase in fraud management efficiencies -- routinely yielding investment payback in just weeks. With over 30 customers internationally, Versafe is backed by Susquehanna Growth Equity.

For more information, please visit: www.versafe-login.com.

F5, BIG-IP, Application Security Manager, and ASM are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners. The use of the words "partner," "partnership," or "joint" does not imply a legal partnership relationship between F5 Networks and any other company.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16863
PUBLISHED: 2019-11-14
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
CVE-2019-18949
PUBLISHED: 2019-11-14
SnowHaze before 2.6.6 is sometimes too late to honor a per-site JavaScript blocking setting, which leads to unintended JavaScript execution via a chain of webpage redirections targeted to the user's browser configuration.
CVE-2011-1930
PUBLISHED: 2019-11-14
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
CVE-2011-1145
PUBLISHED: 2019-11-14
The SQLDriverConnect() function in unixODBC before 2.2.14p2 have a possible buffer overflow condition when specifying a large value for SAVEFILE parameter in the connection string.
CVE-2011-1488
PUBLISHED: 2019-11-14
A memory leak in rsyslog before 5.7.6 was found in the way deamon processed log messages are logged when $RepeatedMsgReduction was enabled. A local attacker could use this flaw to cause a denial of the rsyslogd daemon service by crashing the service via a sequence of repeated log messages sent withi...