Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with No-IP host names, and random dimensions where the random parts changed on every page load. Back then, we identified that it was not a server-level infection. TheRead […]
Tag Archives: Joomla! Security
jQuery.min.php Malware Affects Thousands of Websites
Fake jQuery injections have been popular among hackers since jQuery itself went mainstream and became one of the most widely adopted JavaScript libraries. Every now and then we write about such attacks. Almost every week we see new fake jQuery domains and scripts that mimic jQuery. For example, one of the most prevalent malware infectionsRead […]
Joomla SQL Injection Attacks in the Wild
Last week, the Joomla team released an update patching a serious vulnerability in Joomla 3.x. This vulnerability, an SQL injection (CVE-2015-7858), allows for an attacker to take over a vulnerable site with ease. We predicted that the attacks would start in the wild very soon, due to the popularity of the Joomla platform alongRead […]
Joomla 3.4.5 released. Fixing a serious SQL Injection vulnerability
The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticated SQL injection on the com_contenthistory module (included by default) that allows for a full take over of the vulnerable site. Directly from the Joomla announcement: Joomla! 3.4.5 is now available.Read […]
10 Years of Joomla! – Supporting JoomlaDay Minnesota
As Joomla prepares to celebrate its 10 year anniversary, we want to be certain to join in the festivities. Why? Because open source platforms allow individuals to better support their families, capitalize on time at home, and maximize earning potential. The follow up questions to these assertions could be: “How do you come to that conclusion?Read […]
Website Malware – The SWF iFrame Injector Evolves
Last year, we released a post about a malware injector found in an Adobe Flash (.SWF) file. In that post, we showed how a .SWF file is used to inject an invisible, malicious iFrame. It appears that the author of that Flash malware continued with this method of infection. Now we are seeing more varieties […]
WordPress Malware Causes Psuedo-Darkleech Infection
Source: The National Archives (UK) Darkleech is a nasty malware infection that infects web servers at the root level. It use malicious Apache modules to add hidden iFrames to certain responses. It’s difficult to detect because the malware is only active when both server and site admins are not logged in, and the iFrame is […]
Critical Vulnerability in Joomla! HD FLV Player Plugin
We’ve been notified of a critical vulnerability affecting the HD FLV Player plugin for Joomla!, WordPress and custom websites. It was silently patched only Joomla! and WordPress, leaving the custom website version vulnerable. Furthermore, websites running this plugin are also at risk of being abused to send spam emails, an issue which wasn’t fixed in […]
JoomDonation Compromised
We are receiving reports from many users of the popular JoomDonation platform that they received a very scary email from someone that supposedly hacked into JoomDonation. The emails went to the proper account registered in there and contained the full names, so it looks like JoomDonation did in fact got breached. This is the full […]
Deep Dive into the HikaShop Vulnerability
It’s been two months since our disclosure of an Object Injection vulnerability affecting versions <2.3.3 of the Joomla! Hikashop extension. The vulnerability allowed an attacker to execute malicious code on a target website. How Does Object Injection Work? Object Injection occurs when raw user input is passed to an unserialize() function call. When this happens, […]