1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Webmasters have only hours to deploy patches, Joomla incident shows

Discussion in 'Network World' started by RSS, Oct 27, 2015.

  1. RSS

    RSS New Member Member

    Four hours -- that's the time Joomla website owners had to apply a patch recently before attackers started to exploit the flaw it fixed. Those who still haven't updated their websites are likely to find them compromised.

    On Thursday, the developers of Joomla released version 3.4.5 of the popular content management system in order to fix an SQL injection vulnerability that allows attackers to gain administrative privileges by hijacking an active administrator session.

    Less than four hours after the update's release and the publishing of a technical overview by security researchers at Trustwave, attackers were already exploiting the flaw. Web security firm Sucuri said it saw attacks against two of its customers who operate very popular Joomla-based websites.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page