Details on the Privilege Escalation Vulnerability in Joomla
Marc-Alexandre Montpas Yesterday, Joomla! 3.6.4 was released, patching a critical privilege escalation and arbitrary account creation vulnerability. As we’ve seen some exploits attempts occurring in the wild,…
Browsing Category
Joomla Security
84 posts
Joomla Account Creation Vulnerability
Daniel Cid The Joomla team released a patch for a serious security vulnerability affecting all Joomla versions from 3.4.4 and up. If you’re using one of these…
Security Through Confusion – The FUD Factor
The FUD factor has been employed by sales and marketing teams from multiple industries for decades. It stands for fear, uncertainty, and doubt (FUD) and…
Hacked Website Report – 2016/Q2
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights…
New Realstatistics Attack Vector Compromising Joomla Sites
Caleb Lane Nov 2016 Update: If your Joomla site has been hacked, you can follow our guide to fixing it. Read the Guide! Over the past few…
Realstatistics Malware Campaign Leads To Ransomware
Our Incident Response Team (IRT) has been tracking a mass infection campaign over the last two weeks ( codenamed “Realstatistics“). This campaign has compromised thousands of websites built…
Backdoor in Fake Joomla! Core Files
Fioravante Souza We usually write a lot about obfuscation methods on Sucuri Labs and here on the blog. Sometimes we write about free tools to obfuscate your…
Hacked Website Report – 2016/Q1
Our Remediation group is comprised of two distinct teams, the Incident Response Team (IRT) and Malware Research Team (MRT). These teams work closely with our…
Vulnerability Details: Joomla! Remote Code Execution
The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected…
Critical 0-day Remote Command Execution Vulnerability in Joomla
Nov 2016 Update: If you need to clean your hacked Joomla site, we have released a new free guide to show you how to identify…
Website Malware – Evolution of Pseudo Darkleech
Denis Sinegubko Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and…