Phone : +91 9582 90 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Security bug in Joomla hands cybercriminals a playground for attack campaigns

Security bug in Joomla hands cybercriminals a playground for attack campaigns

  • Joomla is believed to still contain an old remote code execution (RCE) flaw in its platform.
  • An attacker exploited this flaw and used malicious PHP code to compromise websites as well as bypassed the CMS’ mail service.

Popular content management system (CMS) Joomla has been hit with new spam campaigns recently. As per a report by Check Point Research, a threat actor who goes by the name ‘Alarg53’ has intruded many Joomla-powered websites by exploiting a security flaw.

The CMS’ mail service, Jmail, was the primary target of the attack. By abusing Jmail, new phishing and spamming infrastructure could easily be set-up.

How does it work?

  • According to Check Point, the attacker firstly exploits the old Joomla Object Injection Remote Code Execution (CVE-2015-8562) vulnerability.
  • A malicious base64 PHP string is injected in the User-Agent field in HTTP requests.
  • This PHP code is decoded to run on the target system and then downloads certain files from Pastebin.
  • One of the downloaded files overrides Jmail. This file serves functions such as sending emails and uploading files.
  • This file now becomes an infrastructure where the attacker can perform operations such as file uploading, and use it for phishing or spamming.

Who is the attacker – Alarg53 has a notable history in the cybercrime space. It is reported that he has hacked more than 15,000 websites in the last few years. His trademark signature is to replace affected websites with a sign saying ‘Hacked by Alarg53’.

“Two years ago, Alarag53 gained worldwide attention by attacking The Biology of Aging Center at Stanford University’s website. At first, it was thought to be just another ‘Hacked By Alarg53’ attack, but within a few hours, two PHP files were uploaded to the relevant servers enabling them to send large amounts of spam mail,” Check Point researchers wrote.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket