HackDig : Dig high-quality web security articles for hacker

Critical SQL Injection CVE-2017-8917 vulnerability patched in Joomla, update it now!

Joomla maintainers released a fix for a critical SQL injection flaw, tracked as CVE-2017-8917, that can be exploited by a remote attacker to hijack websites. On Wednesday Joomla maintainers released a fix for a critical SQL injection vulnerability, tracked as CVE-2017-8917, that can be easily exploited by a remote attacker to obtain sensitive data and hijack
Publish At:2017-05-18 16:45 | Read:2884 | Comments:0 | Tags:Breaking News Hacking CVE-2017-8917 Joomla SQL injection Vul

SQL Injection zero-day in component ja-k2-filter-and-search of Joomla

Information Security experts have discovered an SQL injection zero-day vulnerability in Joomla component ja-k2-filter-and-search. Information Security Researchers Dimitrios Roussis and Evangelos Apostoloudis have discovered an SQL injection vulnerability in component ja-k2-filter-and-search (https://www.joomlart.com/joomla/extensions/ja-k2-search) of Joomla,
Publish At:2016-10-19 13:35 | Read:3749 | Comments:0 | Tags:Breaking News Hacking CMS ja-k2-filter-and-search Joomla plu

Deobfuscating a Malicious PHP Downloader

A PHP script was sent to me by reader Nuno who got this from a hacked Joomla website and wanted to know what this was. He said this script was prepended to several legitimate PHP files. Looking into this a bit, I found that this is related to WordPress hacks via MailPoet back in 2014 according to Sucuri (here and here). The original script from 2014 is pre
Publish At:2016-10-16 09:40 | Read:3703 | Comments:0 | Tags:Malscript joomla mailpoet obfuscated php wordpress

Realstatistics campaign leads to ransomware via compromised sites

Threat actors in the wild behind the Realstatistics campaign are leveraging out-of-date CMSs to deliver the CryptXXX ransomware. Security experts from the security firm Sucuri have spotted a new ransomware-based campaign dubbed ‘Realstatistics’ conducted by threat actors in the past two weeks. “Our Incident Response Team (IRT) has been t
Publish At:2016-07-10 05:35 | Read:3527 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware CMS CryptoXXX Joom

Breached Credit Union Comes Out of its Shell

Notifying people and companies about data breaches often can be a frustrating and thankless job. Despite my best efforts, sometimes a breach victim I’m alerting will come away convinced that I am not an investigative journalist but instead a scammer. This happened most recently this week, when I told a California credit union that its online banking si
Publish At:2016-03-11 07:20 | Read:3104 | Comments:0 | Tags:A Little Sunshine Data Breaches Latest Warnings The Coming S

Admedia attacks now rely also on Joomla to serve ransomware

Operators running websites based on WordPress and Joomla must be aware of a spike in the number of compromised platforms used in Admedia attacks. Beyond the WordPress CMS, threat actors behind the “Admedia attacks” are now looking with increasing interest at Joomla. This is the discovery made by the experts at the Internet Storm Center (ISC) th
Publish At:2016-02-22 15:20 | Read:3308 | Comments:0 | Tags:Breaking News Cyber Crime Malware Angler exploit kit CryptoW

CVE-2015-8562 – 16,000 Daily Attacks on vulnerable Joomla servers

Experts at Symantec discovered that hackers quickly took advantage of the CVE-2015-8562 remote code execution vulnerability to compromise Joomla servers. Joomla recently patched the CVE-2015-8562 vulnerability that could be exploited by attackers for remote code execution. According to the security expert Daniel Cid from Sucuri, hundreds of att
Publish At:2015-12-28 21:05 | Read:4483 | Comments:0 | Tags:Cyber Crime Hacking Cybercrime zero-Day Joomla RCE CVE-2015-

Joomla under attack due to a zero-day. Patch your CMS now!

Websites based on the popular Joomla CMS need to be updated as soon as possible due to a critical remote code execution vulnerability. Websites based on the popular Joomla CMS need to be updated as soon as possible: Joomla has just released a security patch to fix a critical eight-year-old remote code execution vulnera
Publish At:2015-12-16 19:45 | Read:2295 | Comments:0 | Tags:Cyber Crime Hacking Breaking News zero-Day Joomla RCE

Hackers actively exploit critical vulnerability in sites running Joomla

Attackers are actively exploiting a critical remote command-execution vulnerability that has plagued the Joomla content management system for almost eight years, security researchers said. A patch for the vulnerability, which affects versions 1.5 through 3.4.5, was released Monday morning. It was too late: the bug was already being exploited in the wild, rese
Publish At:2015-12-15 03:40 | Read:2287 | Comments:0 | Tags:Risk Assessment Technology Lab Uncategorized content managem

Financial Reporting Council of Nigeria site used for phishing scam

According to Netcraft, the website of the Financial Reporting Council of Nigeria is used to serve a webmail phishing site from the agency's legitimate site. The website of the Financial Reporting Council of Nigeria was used by cyber criminals in a phishing scam. According to the experts at Netcraft, the website of Financial Repo
Publish At:2015-11-06 22:30 | Read:2489 | Comments:0 | Tags:Breaking News Cyber Crime Cybercrime Financial Reporting Cou

Joomla SQL Injection Vulnerability exploited in the wild

Security experts at Sucuri reported a number of attacks exploiting a critical SQL injection flaw recently disclosed in the Joomla Content Management System. A few days ago, security experts disclosed a critical SQL injection vulnerability in the Joomla Content Management System (CVE-2015-7858), but as expected, threat actors i
Publish At:2015-10-28 04:20 | Read:3343 | Comments:0 | Tags:Breaking News Cyber Crime Hacking CMS Cybercrime Joomla SQL

Attackers Targeting Unpatched Joomla Sites Through SQL Injection Vulnerability

Following the disclosure of a critical SQL injection vulnerability in the software last week, as expected, attacks are being carried out against sites running old, unpatched versions of the content management system Joomla. Experts warned that it’d be easy for an attacker to gain full control of a website and execute additional attacks through the vulne
Publish At:2015-10-28 03:40 | Read:2194 | Comments:0 | Tags:Vulnerabilities Web Security critical vulnerabilities Joomla

Joomla SQL Injection Flaw Exploited Hours After Disclosure

Malicious actors began exploiting a patched critical vulnerability found in Joomla—a popular open-source content management system—just four hours after its details were disclosed. Discovered by researchers at Trustwave, the SQL injection flaw (CVE-2015-7297, CVE-2015-7857 and CVE-2015-7858) found in versions 3.2 through 3.4.4 of Joomla could potentially gran
Publish At:2015-10-28 02:30 | Read:2221 | Comments:0 | Tags:Latest Security News Joomla SQL Injection Sucuri vulnerabili

Joomla bug puts millions of websites at risk of remote takeover hacks

Millions of websites used in e-commerce and other sensitive industries are vulnerable to remote take-over hacks made possible by a critical vulnerability that has affected the Joomla content management system for almost two years. The SQL-injection vulnerability was patched by Joomla on Thursday with the release of version 3.4.5. The vulnerability, which allo
Publish At:2015-10-24 06:25 | Read:2474 | Comments:0 | Tags:Risk Assessment Technology Lab CMS content management system

Joomla Update Patches Critical SQL Injection Vulnerability

Joomla on Thursday released a new version of its content management system, 3.4.5, that addresses a critical SQL injection vulnerability that could have let attackers gain access to data in the backend of any site running on the platform. The bug existed in versions 3.2 to 4.4.4 of the CMS, and would have to be combined with two other vulnerabilities to carry
Publish At:2015-10-23 15:40 | Read:1846 | Comments:0 | Tags:Vulnerabilities Web Security Joomla spiderlabs SQL sql injec
