
Why you Must Secure your CMS

Part of what has made the internet more of a necessity than a luxury is how accessible it is for people. So accessible that just about anyone can have their own website, which is why there are over one billion existing websites right now, a number that grows as impressively by the second as it has by the year.

So, why are CMS platforms targeted by hackers?

First, because websites on these platforms are so prevalent. Second, because the open-source framework of these systems requires webmaster responsibility and attention to security precautions.

There’s a lot of monetary incentive for hackers to find and exploit vulnerabilities in these systems since these CMS platforms are so widely used by businesses and for e-commerce purposes. That, on top of already existing hacker culture, is incentive enough for digital perpetrators to regularly target open source CMS systems.


Critical vulnerabilities pose a serious threat to Joomla sites

by Mark Stockley

Joomla, the world’s second most popular web content management system (CMS), has been under sustained attack for several days, thanks to a nasty pair of vulnerabilities disclosed last week.

Security announcements 20161001 (CVE-2016-8870) and 20161002 (CVE-2016-8869) describe how flaws in Joomla’s user registration code could allow an attacker to “register on a site when registration has been disabled” and then “register … with elevated privileges”.

If the significance of those two statements hasn’t entirely sunk in let me make it plain: taken together, the vulnerabilities can be used to unlock any site running Joomla, anywhere on the internet, with little more than a polite request detailing what you’d like to be called and how much power you want.


Alert! Joomla Security Severity: High - Core - Elevated Privileges

[20161002] - Core - Elevated Privileges

  • Project: Joomla!
  • SubProject: CMS
  • Severity: High
  • Versions: 3.4.4 through 3.6.3
  • Exploit type: Elevated Privileges
  • Reported Date: 2016-October-21
  • Fixed Date: 2016-October-25
  • CVE Number: CVE-2016-8869

Description

Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

Affected Installs

Joomla! CMS versions 3.4.4 through 3.6.3

Solution

Upgrade to version 3.6.4


How to Secure A CMS Website?

Everyone hates security. Security means extra work. Lots of it. You need to monitor security announcements, apply tedious upgrades (even though they may break your site), and review plugins carefully before you install them. No fun.

But what's the alternative? A broken or compromised site. You want your homepage to stay the way you left it, right? Not get defaced by a Mongolian teenager? Then you'll need to learn about security.

Get Security Announcements

The first step to staying secure is staying informed. Any good CMS, and any good extension, will have regular security updates. But they won't do you any good if you don't hear about them. Learn how to find and subscribe to security announcements for every moving part in your website.


Why is it important to update your CMS?

A CMS is not a book. You write a book, you publish it, and there it is, a lovely block of paper. It's done. It can endure for centuries.

By contrast, a CMS is never done. If you don't keep upgrading your CMS, you risk losing your site.

Websites, Like Cars, Need Maintenance

Many people think of websites as a one-time expense. They want to pay a developer, get a nice website "built," and then move on. But that's not how it works.

A website needs to be maintained.


Drupal drips out ten new patches, one worthy of immediate attention

Version 6.0 sent to code heaven, where old open source projects frolic among unicorns

Drupal has patched 10 holes in its platform that allow attackers to do things like access blocked resources and gain remote code execution.

The world's second-most-popular content management system also sent its sixth version to end-of-life status.

Six of the flaws are considered moderately severe and three minor for affected versions six, seven, and eight.


Top daily DDoS attacks worldwide

 

A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. They target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.


602 Gbps! This May Have Been the Largest DDoS Attack in History

Cyber attacks are becoming a worse nightmare for companies by the day, and the Distributed Denial of Service (DDoS) attack is one of hackers' favorite weapons for temporarily suspending the services of a host connected to the Internet.

Until now, nearly every big website had been a victim of this attack, and the most recent one was conducted against the BBC's websites and Republican presidential candidate Donald Trump's main campaign website over this past holiday weekend.

Of the two, the largest DDoS attack in history was carried out against the BBC website: over 600 Gbps.


Joomla Security: Big Hits for New Vulnerability

According to US-CERT, Joomla has just released version 3.4.7 of its open-source content management system (CMS) in an effort to lock down two new vulnerabilities, one of which could grant attackers full control of an affected website. As noted by SecurityWeek, the severity of these flaws didn’t go unnoticed: Symantec tracked an average of 16,000 hits per day attempting to exploit the issue. Here’s a rundown of what’s at risk with an unpatched Joomla install.

JOOMLA SECURITY RISKS

For almost a decade, a critical remote command execution vulnerability has existed in Joomla; versions 1.5 through 3.4.5 are affected by CVE-2015-8562. According to Ars Technica, while Joomla security teams patched the vulnerability within two days, the bug was already being exploited in the wild on IP addresses 146.0.72.83, 74.3.170.33 and 194.28.174.106. In addition, any events using either “JDatabaseDriverMysqli” or “O:” in the user agent were likely attack vectors.

So what’s the big risk here? CVE-2015-8562 leverages an issue with poor filtering when Joomla saves browser session values. As detailed by Sucuri, exploiting this flaw and combining it with the result of MySQL meeting a UTF-8 character that isn’t supported by utf8_general_ci — which causes data truncation from a specific value — it’s possible to launch an attack that could fully compromise servers. Cybercriminals then use the servers as malware hosts or sell access to them for a fee on the Dark Web.
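As an added example (not part of the original article), the following Python sketch shows how a site owner could review web server access logs for the indicators named above: the three reported source IP addresses and the “JDatabaseDriverMysqli” and “O:” markers in the User-Agent field. It assumes the Apache/nginx "combined" log format; the function names and the sample log lines are constructed for illustration.

```python
import re

# Indicators quoted in the article for CVE-2015-8562 exploitation attempts.
KNOWN_IPS = {"146.0.72.83", "74.3.170.33", "194.28.174.106"}
UA_MARKERS = ("JDatabaseDriverMysqli", "O:")

# Combined log format (assumption). Quoted fields may contain escaped
# quotes (\"), so each one is matched as "non-quote char or backslash+char".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"\s*$'
)

# Constructed sample lines. The User-Agent values carry only the marker
# strings, not a working payload.
SAMPLE_LOG = r"""
203.0.113.10 - - [15/Dec/2015:10:01:22 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/43.0"
146.0.72.83 - - [15/Dec/2015:10:02:05 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Dec/2015:10:03:41 +0000] "GET / HTTP/1.1" 200 5120 "-" "x O:21:\"JDatabaseDriverMysqli\" (constructed marker, no payload)"
198.51.100.8 - - [15/Dec/2015:10:04:17 +0000] "GET / HTTP/1.1" 200 5120 "-" "probe O:8:\"stdClass\" (constructed)"
this line is not in combined log format
"""


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def indicators(entry):
    """List which of the article's indicators a parsed entry matches."""
    reasons = []
    if entry["ip"] in KNOWN_IPS:
        reasons.append("source-ip")
    for marker in UA_MARKERS:
        if marker in entry["ua"]:
            reasons.append("ua:" + marker)
    return reasons


def scan(lines):
    """Scan log lines; return (findings, count of lines that did not parse).

    Unparsed lines are counted rather than silently dropped, so a format
    mismatch does not look like a clean result.
    """
    findings, unparsed = [], 0
    for line_no, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
            continue
        reasons = indicators(entry)
        if reasons:
            findings.append({
                "line_no": line_no,
                "ip": entry["ip"],
                "ts": entry["ts"],
                "reasons": reasons,
            })
    return findings, unparsed


if __name__ == "__main__":
    hits, skipped = scan(SAMPLE_LOG.strip().splitlines())
    for hit in hits:
        print(f'line {hit["line_no"]}: {hit["ip"]} at {hit["ts"]} -> '
              f'{", ".join(hit["reasons"])}')
    print(f"{skipped} line(s) could not be parsed")
```

A match is a lead for review rather than proof of compromise; hits against a site that was still running an affected Joomla version at the time warrant a closer look at the server.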


Vulnerable Joomla Site Owners (Servers) See 16,000 Daily Attacks

Symantec has detected up to 20,000 daily attempts to exploit a recently patched Joomla vulnerability that can be leveraged for remote code execution.

The vulnerability, identified as CVE-2015-8562, was patched in mid-December with the release of Joomla 3.4.6 and hotfixes for versions 1.5 and 2.5. The first attempts to exploit the flaw, which affects installations running Joomla 1.5.0 through 3.4.5, were spotted two days before the developers of the popular content management system (CMS) released patches.

Symantec has been monitoring attack attempts and detected, on average, 16,000 daily hits since the vulnerability was disclosed.

Attackers can leverage the Joomla security hole to compromise servers and use them for hosting malware and other malicious activities. They can also sell access to the targeted servers on the underground market, allowing others to abuse them for distributed denial-of-service (DDoS) attacks. Some of the compromised machines can also host valuable information.


Joomla! 3.4.7 Version Fixes Security Flaws

Joomla! has released the latest version, 3.4.7, of its free content management system software to address two reported security vulnerabilities.

The new version of Joomla!, which is used to create websites and online applications, strengthened the security of the MySQLi driver to help prevent object injection attacks.

Joomla said its Security Strike team has been following up on the critical security vulnerability patched last week.

“Since the recent update it has become clear that the root cause is a bug in PHP itself,” Joomla! reported on its website. “This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13.”

Joomla! pointed out the only Joomla sites affected by this bug are those that are hosted on vulnerable versions of PHP, and it corrected the flaw because not all hosts keep their PHP installations up to date.

Joomla! 3.4.7 is now available. This is a security release for the 3.x series of Joomla which addresses a critical security vulnerability and one low-level security vulnerability. We strongly recommend that you update your sites immediately.

This release only contains the security fixes; no other changes have been made compared to the Joomla 3.4.6 release.

WHAT'S IN 3.4.7

Version 3.4.7 is released to address two reported security vulnerabilities and includes security hardening of the MySQLi driver to help prevent object injection attacks.

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). The only Joomla sites affected by this bug are those which are hosted on vulnerable versions of PHP. We are aware that not all hosts keep their PHP installations up to date so we are making this release to deal with this issue on vulnerable PHP versions.

SECURITY ISSUES FIXED

  • High Priority - Core - Session Hardening (affecting Joomla 1.5 through 3.4.6) More information »
  • Low Priority - Core - SQL Injection (affecting Joomla 3.0.0 through 3.4.6) More information »

Please see the documentation wiki for FAQs regarding the 3.4.7 release. It is important to note that due to some session changes you will not be able to edit items until you log out and log back in again. Please note that there has been a backwards compatibility break regarding how session management is handled. If you are using the documented Joomla API you will have no issues. The changes are fully documented in the release documentation.


Sources:

  1. https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7-released.html
  2. https://www.us-cert.gov/ncas/current-activity/2015/12/22/Joomla-Releases-Security-Update-CMS

 


WARNING: Websites Running Joomla 1.5 Are at Risk

As of August this year, according to W3Techs, out of all the websites currently using Joomla, 44.6% are still on the unsupported Joomla 1.x series, support for which ended way back in September 2012.

Whilst the Joomla 1.x series was very robust and can still run reliably if well looked after, its time is nearly up. Technologies are changing and security is being tightened up online, and the Joomla 1.x series is being left behind. So if you're running a Joomla 1.x website, now is the time to upgrade, and here are just a few reasons why:

1. Security

As of September 2012 support for Joomla 1.5 was officially dropped, meaning that no security patches will be released. This can be a big problem if you rely on third-party code for any of your website's features, for example Google Maps or online payment gateways, or simply if an extension you are using becomes compromised by new hacking techniques. The longer you run a Joomla 1.x series website, the greater the risk of your website being hacked and your data compromised.

2. Changing server technologies

Like WordPress and Concrete 5, Joomla is a PHP-based CMS, which runs on a Linux-based server and runs its databases via MySQL. These technologies are also constantly evolving to keep the nasty hackers away as they find new ways to be naughty and get into places they shouldn't.

Currently, there is no supported version of PHP compatible with Joomla 1.5! (http://php.net/eol.php)

As a result of this, we have noticed hosting companies are forcing their customers to upgrade their PHP versions to at least PHP 5.4 (the latest is 5.5). Joomla 1.5 sites are compatible with PHP versions up to 5.3, and so features of your Joomla 1.5 site are almost certain to break if your host decides to upgrade your PHP version.

At Channel we have mitigated against this for our customers by running Joomla 1.5 sites on the legacy versions of PHP to ensure your websites continue to run happily, but there will come a point in the very near future where we will be forced to upgrade to newer PHP versions, and those 1.x sites will no longer function.

3. Extensions Support and easier upgrades

Most extension developers have dropped their support for 1.5 versions of extensions to build extensions for the current Joomla versions. More than 65% of Joomla extensions are now available for Joomla 2.5, so it is likely that any functionality you had previously will still be available on the newer Joomla versions.

4. Future proofing

Joomla 2.5x has many great features compared to the 1.x series, the most cost effective of which is a more robust and easier upgrade system. Joomla 2.5x has an inbuilt upgrade engine, which gives you upgrade notifications and 1-click upgrades. It has also been built with future version upgrades in mind and has been designed to make the jump between Joomla versions much easier than upgrading the 1.x series, saving you time and money in the long run.

But my website is fine, why do I need to upgrade?

This is a common question from our customers and it's logical to think "If it ain't broke, don't fix it!", but unfortunately that sentiment doesn't apply too well in the world of the web.

OTHER COMMON THINGS WE HEAR ARE:

  • We built our site only a few years ago and don't have the budget for upgrading.
  • It sounds like a lot of work, I can't be bothered with it
  • My site has never been hacked, so I don't need to upgrade
  • You're only telling me I need to upgrade because you want more business.

Whilst it is true there is a fair amount of work involved and you may have a perfectly healthy Joomla 1.x series website, it won't stay that way forever. The question to ask is if your website got hacked tomorrow, what would be the loss in revenue/reputation for your business?

If the monetary value of any disruption outweighs the cost of upgrading your site, then it's something you really should invest in. Otherwise, you will end up with a website that you cannot host, or if you do find a host who is willing to take it, it will end up repeatedly getting hacked and live a pretty sad life for the rest of its days!

SO HOW DO I UPGRADE AND WHAT'S INVOLVED?

Every website is different. The work involved depends on how many extensions you have, how many customisations you have done, the amount of content and functionality in your site, amongst other things. We have experience of reliably upgrading 1.x sites and would welcome you to contact us for a free audit of your website to find out the best method for you to upgrade.

FREE AUDIT

To help our customers running 1.x series sites and also in the interest of all of our other customers in regards to security, we are offering a free audit to help you find out what's involved in upgrading your Joomla 1.x series website to the latest Joomla! version.

We don't want to see our long-standing members fall by the wayside and eventually have to remove them from our servers when they become untenable security risks, so we would encourage you to get in touch with us asap to plan for your upgrade.

So if you are running a Joomla 1.x series site, please get in touch with one of the team today who will be happy to do your free audit and quote for upgrading your Joomla site today.


Regular Updates to Your Website CMS is Important


A content management system (CMS) is the easiest way to add, edit and refine content on your website. The ability to easily and quickly add and manage content is essential for anyone with a professional website. If you don’t have some form of CMS built in to your website, it’s time to seriously ask yourself the question – Is your website offering you what you need it to?

Most people have heard the phrase ‘content is king’, and since good content is the cornerstone of any effective website – content should be revised and updated regularly.

A CMS allows you to control the content on your site on your own terms without having to have a working knowledge of HTML or CSS (web coding languages), and means you also will be able to avoid having to get in touch with your web developer every time you want to add or amend content.

Not only is having to deal with a third party when it comes to updating content time consuming, it also means that you’re probably not going to end up adding as much content as you should. In the competitive world of online marketing and appearing in Google’s search results, new and insightful content can be the difference between people finding you over one of your competitors.

There are many different content management systems in use internationally, among them Joomla, WordPress and Drupal, but none is more popular (or arguably as easy to use) than WordPress. Therefore, for the purpose of this article we will be focusing mainly on updating WordPress, although the main point is consistent for all CMSs: update or beware.

Similar to anti-virus software updates, CMS updates are provided regularly for good reason. Like anything else, when it comes to online security, everything on the web can become vulnerable with time and hackers are always finding new holes, and new ways to exploit the back end of a website.

Outdated software is especially prone to attack, as coding languages have changed and gaping holes can be left which black hat operators are all too keen to exploit for their own gain. Third-party plugins, themes and scripts can also present a security risk to your CMS, so before installing any third-party plugin or theme on your site, make sure to do your research to verify the safety and reputability of the add-on you are installing.

So if your site becomes compromised, the worst that could happen could be any of these below:

  • Thousands of spammy links from questionable sites which may cause your site to be penalised by Google leading to loss of traffic and enquiries
  • Stealing of private user data including email addresses, credit card information, passwords and other private customer information
  • Hi-jacking of your site to change layout, delete or add offensive content, or change the way your site functions
  • Changing of your CMS password restricting access to your site.

OTHER REASONS TO UPDATE YOUR CMS

Apart from the major reason of security, updating your CMS also offers a range of other benefits. New updates contain more efficient codes and features which help to improve the speed and performance of your site, while also using less bandwidth. As your site grows, this will also alleviate pressure on your web server.

An updated CMS also gives access to new features that can enhance the usability of the platform to integrate with other tools. New updates also help to simplify the way you add content to your site, including the ability to drag and drop rich content without the need for reformatting.

For those who don’t manage a website themselves, it’s important to have a plan in place with your hosting company or website administrators to ensure your CMS is regularly updated. This ensures that neither party assumes the other is responsible for updating the software and a plan is in place for the ongoing security of your site. This could be as simple as making someone in your business responsible for doing this, and checking that the version of the CMS that you are using is the latest one, or it could mean paying your hosting company or web developer to take responsibility of your site security including an updated CMS.



Credits: http://www.mediaheroesbrisbane.com.au/


WordPress Under Attack As Double Zero-Day Trouble Lands


The WordPress platform is yet again under attack, thanks to vulnerabilities across old and new versions of the content management system.

The most pressing issue is a fresh zero-day, a previously unknown and unpatched weakness, affecting the latest version of WordPress, 4.2, and prior iterations, as revealed by Finnish company Klikki Oy yesterday. It released a video and proof of concept code for an exploit of the flaw, which allows a hacker to store malicious JavaScript code on WordPress site comments. Under normal circumstances, this should be blocked as it could be abused to send visitors’ usernames and passwords to a hacker’s site – what’s known as a cross-site scripting attack. All that’s required is for a user’s browser to parse the code when they land on the affected site.

If a logged-in administrator visits the affected page, the hacker could acquire access to the server, Klikki Oy warned. “Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.” For website admins, the advice for now is to disable comments until a fix is released.

Ryan Dewhurst, security researcher and owner of the WordPress vulnerability database WPScan, told FORBES he’d tested the attack code and it worked. His own proof of concept hack can be found on Github. He noted the attack requires the hacker to have a previously approved comment on the target site so the comment containing the exploit does not need approving.


SWF Files Injecting Malicious iFrames on WordPress, Joomla Sites

Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites.

Several hundred WordPress and Joomla websites have been swept up in the campaign, first observed by researchers at the firm Sucuri last November.

“Though it’s uncertain how many iterations existed in the wild when we first reported the issue, this time we’ve found a lot of websites where the infection looks similar,” Peter Gramantik, a senior malware researcher at the firm wrote Thursday.

According to Gramantik the infection is clearly marked by a .SWF file with three random characters as a name that’s stored in a site’s images/banners/ folder. As far as the firm has seen, each file has a random hashed ID parameter attached to the end of it.

While the malware’s variable names, coding logic, and UserAgent remain the same, one of the main differences between last November’s version of the campaign and this one is that this incarnation has spread from Joomla sites to WordPress sites. As is to be expected, the website delivering the malicious payload has changed as well.

The .SWF files, also known as small web format files, inject an invisible iFrame, which can go on to drop other exploits.


Source: https://threatpost.com/

"Distrust and caution are the parents of security" - Benjamin Franklin


Trojan Threatens Owners of Drupal, WordPress and Joomla Sites


Fox-IT, a security vendor located in the Netherlands, says that cyber crooks are running a blackhat SEO (search engine optimization) operation that threatens website owners using Joomla, Drupal and WordPress with a secret backdoor Trojan that links to the underlying web server in support of their operations.

The attackers are tricking website administrators into installing their malware-laden pirated and other plug-ins for free. According to Fox-IT, the cybercriminals can take control of the server once malware nicknamed 'CryptoPHP' is dropped on it.

Fox-IT warns that CryptoPHP has compromised thousands of websites. The threat is so named because it uses RSA Public Key cryptography to protect communication with servers. Several sources have been associated with the spread of the backdoor, including nulledstylez.com, and many other websites such as wp-nulled.com, mightywordpress.com and freemiumscripts.com deal in illegally copied plugins and themes.

The site flagged each download as virus free, but Fox-IT points out that the versions made available for download differed from those that had been verified as virus free by VirusTotal. When the pirated downloads were re-checked, files with timestamps different from the rest were found to contain the backdoor concealed in PHP code.


Boston.com among websites attacked by Syrian hacker group

By Trisha Thadani and Kiera Blessing, Globe Correspondents, November 28, 2014

Boston.com and several other news and retail websites could not be accessed for a time Thursday after a third-party service provider used by the sites was hacked.

A group called the Syrian Electronic Army claimed responsibility, according to a statement from the third-party server, Gigya. The Syrian Electronic Army supports Syrian president Bashar Assad and claims to have hacked dozens of websites, such as CNN, Forbes, UNICEF, and Microsoft.

A post on Gigya’s blog by chief executive Patrick Salyer said the company experienced “sporadic failures” with access to its service starting about 6:45 a.m. Thursday. The issue was largely resolved by 7:40 a.m.

The company said no user data had been compromised.

“To be absolutely clear: Neither Gigya’s platform itself nor any user, administrator, or operational data has been compromised and was never at risk of being compromised,” Salyer said.

When users accessed the affected websites Thanksgiving morning, they were greeted by a pop-up that read, “You’ve been hacked by the Syrian Electronic Army (SEA),” and then were redirected to an image of the group’s logo, according to an article on Boston.com.

Boston.com deputy editor Hilary Sargent said she was not aware of the site previously being affected by such an episode.

The hackers took control of Gigya’s domain name and altered its settings to direct users to another website, Salyer said.

Several affected companies, including Office Depot, the New York Daily News, the Dallas Morning News, and Boston.com confirmed that they had been affected. Others, such as Microsoft, said they were not aware of any problem with their website, despite the Syrian Electronic Army’s claims.

Salyer said Gigya has “the highest levels of security around our service and user data” and that the company has “put additional measures in place to protect against this type of attack in the future.”

In October, the Massachusetts Maritime Academy’s website was hacked by an extremist group three times in two days. Those trying to use the site were redirected to a photo of what appeared to be a soldier’s grave, with Arabic writing beneath the photo.

The academy’s president, Rear Admiral Richard Gurnon, called the hack a “case of mistaken identity,” saying the website could be mistaken for the Naval Academy’s by someone who doesn’t speak English well.

The Maritime Academy’s site was taken offline until the issue was resolved.

The Syrian Electronic Army does not claim to have any affiliation with extremists.



Popular CMS WordPress, Joomla and Drupal threatened by CryptoPHP backdoor


A large proportion of websites are built on a CMS rather than raw HTML. Three of the most common are WordPress, Joomla and Drupal, and security researchers at Fox-It warn that site administrators are at risk of being socially engineered into installing the CryptoPHP backdoor on their server.

Distributed through pirated themes and plugins, CryptoPHP's spread is thanks to the light-fingeredness of site admins. It was first detected in 2013 and is still actively spreading. The capabilities of the "well developed" backdoor include remote control of an infected server, and Blackhat SEO -- a form of illegal search engine optimization.

Fox-It warns that thousands of websites have been compromised by CryptoPHP. The threat is so named because it uses RSA Public Key cryptography to protect communication with servers. A number of sources have been associated with the spread of the backdoor, among them nulledstylez.com, and numerous other sites dealing in pirated plugins and themes are also involved -- including freemiumscripts.com, wp-nulled.com and mightywordpress.com.

Each of the downloads was flagged by the site providing it as being clean from viruses, but Fox-It points out that the versions made available for download differed from those that had been verified as clean by VirusTotal. Upon examining the contents of the pirated downloads, files with different timestamps to the rest were found to include the backdoor hidden in PHP code.

While there is little to stop CryptoPHP infecting other CMSs, WordPress, Joomla and Drupal are the main targets due to their popularity. The backdoor installation varies from platform to platform, but in the case of WordPress an extra administrator account is added so that access can be maintained even if the backdoor itself is removed.

Tracing the activity of CryptoPHP seems to lead back to a Moldavian IP address -- specifically in the state Chisinau. Control centers have been identified in the US, Poland, Germany and Netherlands, and Fox-It has produced a white paper that details how to detect the presence of the backdoor.

 


Credits: http://betanews.com



Attackers Using Compromised Web Plug-Ins in CryptoPHP Blackhat SEO Campaign


Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013.

The incident came to light through an investigation by researchers at Fox-IT in the Netherlands, who discovered it after noticing a compromised Joomla plug-in on a customer’s site. After a little investigation, they discovered that the plug-in had been downloaded from a site that offers a list of pirated themes and plug-ins.


What CIOs Can Learn From the Biggest Data Breaches


A postmortem analysis of some of the biggest recent data breaches offers IT leaders several pieces of advice for staying a step ahead of hackers.

We keep hearing about them in the news. The tallies are astounding: 145 million user accounts compromised here, 40 million credit cards stolen there. What isn't always as clear with the most high-profile data breaches is how they occurred in the first place and what you can do to prevent seeing your organization in a similar headline.

CIO.com tapped several security professionals to summarize the origins of the top five recent data breaches to affect U.S. firms. There are also lessons to learn from AT&T, Community Health Systems, Experian, Michaels, Neiman Marcus, P.F. Chang's and the UPS Store, among many others.


Copyright

© http://www.cio.com/article/2845618/data-breach/what-cios-can-learn-from-the-biggest-data-breaches.html
