More in #PatchTuesday
Nearly one million new malware threats are released every day. Malware, short for malicious software, is used to gather sensitive data, gain unauthorized access to websites and even taking over computers. There are a number of ways a cybercriminal can use malware to infect your website. Not to mention all of the different malware types and purposes. Not only can malware harm your website but it can harm your visitors, too.
A security researcher at Techunzipped has spotted City Parking website spreading malware to visiter. City website was hacked on the 03 of January 2018.
According to a few scans done by Techunzipped, the City Park website has is running outdated software; the website is Joomla 3.2.3 when the latest version is 3.8.2.
Joomla, the world’s second most popular web content management system (CMS), has been under sustained attack, thanks to a nasty pair of vulnerabilities disclosed last year.
Security announcements 20161001 (CVE-2016-8870) and 20161002 (CVE-2016-8869) describe how flaws in Joomla’s user registration code could allow an attacker to “register on a site when registration has been disabled” and then “register … with elevated privileges”. This is a 2016 vulnerability.
In 2017 Joomla 3.8.0 specifically addressed improper input sanitization in the LDAP authentication plugin, which affected versions 1.5.0 through 3.7.5 if Joomla was configured to use the plugin.
Modern CMS software is successful in part because of the power it puts into the hands of non-technical users. Making those same users the linchpin of our collective security just makes no sense.
As we’ve said on Techunzipped many times before, it doesn’t matter when a patch becomes available, it’s when it’s applied that counts. That’s why we believe there’s simply no option for Drupal and Joomla but to follow the lead shown by WordPress and deploy automatic security updates by default.
Below is the Hacked URL: http://cityparking.co.zw/krd.html
Pardon has been a technology enthusiast his entire life and has spent the better part of last decades in information technology and security, and he writes with an aim to remove some of the "mysticism" from the cyber world. He’s the Editor at Techunzipped. Away from the keyboard, you're likely to find him playing with the latest gadgets or the latest Game.