{"id":4962,"date":"2015-12-18T19:53:17","date_gmt":"2015-12-18T19:53:17","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=4962"},"modified":"2020-12-11T08:06:30","modified_gmt":"2020-12-11T13:06:30","slug":"joomla-attack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/joomla-attack\/4962\/","title":{"rendered":"Call to action: CMS Joomla attacked"},"content":{"rendered":"<p>Alright, ladies and gentlemen, this is kind of urgent, especially for businesses using Joomla. Users of other CMSs may be interested too, because there&#8217;s absolutely no guarantee that something like this cannot happen to them.<\/p>\n<p><strong>What&#8217;s the buzz?<\/strong><\/p>\n<p>Joomla-based sites are being attacked using the zeroday vulnerability. According to the researchers who discovered the threat, this is an object injection flaw that allows a full remote command execution. Exploits are in the wild, and the attacks are accelerating, Threatpost reports.<\/p>\n<p>Attacks started last Saturday, and the &#8220;post-exploitation tactics&#8221; were observed as the attackers injected their backdoors then patched the vulnerability (as the official update is in), creating an illusion of safety.<\/p>\n<p>Fortunately, the attacking IPs are more or less known, so researchers recommend filtering logs for either of these IP addresses or looking for &#8220;JDatabaseDriverMysqli&#8221; or &#8220;O:&#8221; in the User Agent.<\/p>\n<p>More data is available at Threatpost.<\/p>\n<p><strong>Major troubles for major CMS<\/strong><\/p>\n<p>From our side, it is necessary to mention that the major content management systems come under attack on a regular basis; their popularity make them a favorable target for criminals looking to spread their malware as far and wide as possible, so the popular sites with vulnerable CMS are their &#8220;weapon of choice&#8221;.<\/p>\n<p>We&#8217;ve witnessed a major number of attacks on WordPress CMS both in 2013 and 2014. In the latter case a &#8220;passively popular&#8221; plugin bundled with many WordPress themes was a vulnerable entry-point. Around 10K sites were added to denylist by Google for re-distributing malware, which is an extremely dangerous development for web-based businesses. Your site going down in rankings is way more easy than bringing it back up, and meanwhile losses may be fatal.<\/p>\n<p>Joomla users are whole-heartedly recommended to install the appropriate updates and check out possible hints of being compromised.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Joomla-based sites are being attacked using the zeroday vulnerability. According to the researchers who discovered the threat, this is an object injection flaw that allows a full remote command execution. <\/p>\n","protected":false},"author":209,"featured_media":15497,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[1343,2371,2372,899,2353],"class_list":{"0":"post-4962","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-0days","10":"tag-cms","11":"tag-exploit","12":"tag-hack","13":"tag-joomla"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/joomla-attack\/4962\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/joomla-attack\/4962\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/joomla-attack\/4962\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/0days\/","name":"0days"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=4962"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4962\/revisions"}],"predecessor-version":[{"id":38006,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/4962\/revisions\/38006"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15497"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=4962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=4962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=4962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}