In March, Drupal released version 8.5.1 addressing several critical security vulnerabilities. At that time, there was no evidence of the vulnerability being exploited to attack Drupal sites However, on April 12, 2018, a security research firm released a detailed analysis of the vulnerability and steps to exploit it. In the days since this release, multiple exploits of the Drupalgeddon2 vulnerability have been reported.
Tag: Vulnerabilities (Page 1 of 3)
On March 28, 2018 Drupal released a highly critical security update affecting Drupal sites using version 7.x and 8.x. This security update addresses a critical vulnerability impacting approximately 1 million websites that could allow attackers to exploit multiple access points and take control of Drupal sites. In order to address the issue, Drupal has released two new versions and is recommending that all Drupal sites be updated as soon as possible.
On March 13, 2018, Joomla! released a security update in version 3.8.6. This update addresses a SQLi vulnerability found in the User Notes component. The notes section allowed for malicious code to be passed to the database. The update released by Joomla! limits input into the notes field to plain text and disallowing code. It is highly recommended that Joomla! users update their applications as soon as possible to address this vulnerability and avoid possible compromises. Thanks to its included continuous scanning, SiteLock Infinity users will have their applications patched quickly and automatically.
In addition to the SQLi vulnerability fix, version 3.8.6 included 60 other bug fixes and feature updates including:
- Session management improvements
- Hide configuration and system information from non-super users
- Delete existing passwords when user passwords are changed
- PHP 7.2 compatibility fixes
In order to take advantage of bug fixes and improved features, users must complete the full version upgrade even if they have patching services.
If you’re interested in automated patching services for your Joomla! site, contact us today and ask about SiteLock Infinity. We are available 24/7 at 855.378.6200.
In light of the recent Equifax breach, you may be wondering how you can secure your website and prevent a similar event from happening to you. Join Web Security Research Analysts, Michael Veenstra and Jessica Ortega, for a refresher course on the basic steps every website owner should take to protect their website from hackers and cybercriminals.
If you found this week’s episode helpful, visit Decoding Security on your preferred podcasting service, including iTunes and Google Play, to leave a review and subscribe so that you don’t miss future episodes!
A vulnerability was recently discovered in Apache Struts, a popular framework for web-based Java applications, which allows for remote code execution on affected servers and allows for complete control of the application. The framework is commonly used by large, sophisticated organizations such as Lockheed Martin and Citigroup, meaning the vulnerability could affect up to 65% of Fortune 100 companies, resulting in large scale data breaches and private consumer data theft.
Found by lgtm.com security researcher Man Yue Mo, the vulnerability stems from unsafe deserialization of user supplied data to the REST plugin, which allows API access to the Java application. Researchers contacted the Apache Foundation directly, allowing the plugin developers to patch the issue before widespread exploitation. As of this writing, at least one live exploit has been seen in the wild, and a Metasploit module was released.
Apache Struts joins a growing fraternity of widely used applications to see an API vulnerability this year, including WordPress and Instagram. WordPress shared a similar experience where the exploit was discovered before widespread attacks, but many users failed to update and suffered compromise and data loss. The Struts vulnerability is more complicated to exploit which should result in a less dramatic rise in attacks. Regardless, patches should be applied as soon as possible, as a proactive security stance is more effective.
Apache Struts users are urged to upgrade to version 2.3.34 or 2.5.13 respectively, and additional information is provided by Apache on the official struts webpage at: https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.34 and https://struts.apache.org/announce.html#a20170905.
More sophisticated exploits are likely to occur as this vulnerability is examined. The best option for mitigation is to patch Struts as soon as possible to the recommended versions and regularly check for updates. Website owners should also consider adding a web application firewall and malware scanner to mitigate or reduce the severity of compromise.
SiteLock TrueShield customers are already protected against this exploit. Attempted attacks will be caught and blocked by the TrueShield WAF. If your website isn’t protected, call SiteLock at 888.878.2417 to get TrueShield installed today.
Websites experience 22 attacks per day on average— that’s over 8,000 attacks per year, according to SiteLock data. A website vulnerability is a weakness or misconfiguration in a website or web application code that allows an attacker to gain some level of control of the site, and possibly the hosting server. Most vulnerabilities are exploited through automated means, such as vulnerability scanners and botnets. Cybercriminals create specialized tools that scour the internet for certain platforms, like WordPress or Joomla, looking for common and publicized vulnerabilities. Once found, these vulnerabilities are then exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable site.