Tag: SQL Injection (SQLi)

Malware

Joomla! Releases Security Update in Version 3.8.6

On March 13, 2018, Joomla! released a security update in version 3.8.6. This update addresses a SQLi vulnerability found in the User Notes component.  The notes section allowed for malicious code to be passed to the database. The update released by Joomla! limits input into the notes field to plain text and disallowing code.  It is highly recommended that Joomla! users update their applications as soon as possible to address this vulnerability and avoid possible compromises. Thanks to its included continuous scanning, SiteLock Infinity users will have their applications patched quickly and automatically.

In addition to the SQLi vulnerability fix, version 3.8.6 included 60 other bug fixes and feature updates including:

  • Session management improvements
  • Hide configuration and system information from non-super users
  • Delete existing passwords when user passwords are changed
  • PHP 7.2 compatibility fixes

In order to take advantage of bug fixes and improved features, users must complete the full version upgrade even if they have patching services.

If you’re interested in automated patching services for your Joomla! site, contact us today and ask about SiteLock Infinity. We are available 24/7 at 855.378.6200.

website security

What is a Website Vulnerability and How Can it be Exploited?

Websites experience 22 attacks per day on average— that’s over 8,000 attacks per year, according to SiteLock data. A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets. Cybercriminals create specialized tools that scour the internet for certain platforms, like WordPress or Joomla, looking for common and publicized vulnerabilities. Once found, these vulnerabilities are then exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable site.

Read More

technology risks

It’s a Scary Cyber World

We live in a world where technology rules. From our phones to our cars, we are constantly connected to something, somewhere, at all times. In most cases, the convenience of technology enhances the quality of our lives. But as consumers, there are technology risks and threats we need to be aware (and beware) of. We don’t mean to spook you, but let’s talk about the scary side of the cyber world. 

Read More

cybersecurity for web designers and developers

Web Development and Cybersecurity – Are You Protecting Your Clients?

Cybersecurity continues to be an evolving challenge for website designers and developers. Everyday, hackers create new malware strains and perform sophisticated attacks that can devastate client websites.

SiteLock is promoting Cybersecurity Awareness Month and as a web designer or developer, it is imperative that you understand your role in the security of your clients’ websites. Many people assume that you are handling every aspect of the site, including its protection. Because of this, you must take action and understand how to provide that security.

Read More

Hackers Compromise Website

How Hackers Compromise Your Website

Cybercriminals are unpredictable. They’ll surprise you by sneaking into your website, executing attacks and harming your data and business. You can think of it like a baseball game in which the hacker is trying to make it to the next base without getting called out. Secure all your bases by learning a little about how hackers attack your website.

Read More

SiteLock Website Security

It’s a Holiday Security Breach Blowout

This week we have a personal story for our readers. It’s a heartwarming tale of multiple mass data compromises, which affected yours truly. We’ll also discuss how major data breaches occur, and what you can do to protect yourself in the Age of the Large Data Breach.

Read More

Yoast SQLi injection

SQL Injection Vulnerability In Yoast WordPress SEO  

This past Wednesday, Yoast, makers of one of the most popular WordPress plugins, WordPress SEO by Yoast, disclosed a blind SQL injection vulnerability against authenticated users given a successful cross site request forgery (CSRF) attack.

What is blind SQL injection and CSRF, how can the WordPress SEO vulnerability affect your site, and what should you do about it?

Read More

Powered by WordPress & Theme by Anders Norén