Millions of websites at risk, as Joomla high level security flaw discovered. Update now
If you’re running a website of any size there is a good chance that you are using a content management system (CMS).
A CMS is the piece of software which manages all of the content on your website, ensuring that visitors get to see the webpage and images that they’re expecting to see. As such, for many websites, a CMS is an essential part of how they manage to deliver content to their website’s visitors.
The CMS with the largest market share by far (over 50%) is WordPress – the platform which Hot for Security is running on – but next in line are Joomla and Drupal.
Although in second place, the free, open-source Joomla CMS software still powers millions of websites around the world.
Indeed, the tagline the software uses to promote itself is “Joomla! The CMS Trusted By Millions for their Websites.”
As a result of its popularity, it’s essential that website administrators keep Joomla updated and patched to help prevent hackers from exploiting security holes.
Version 3.6.5 of Joomla has just been released, addressing security issues and fixing some bugs.
The most important issue that Joomla 3.6.5 addresses is an elevated privileges flaw in all versions of Joomla from 1.6.0 – 3.6.4, which could allow a malicious attacker to modify existing user accounts, including resetting usernames, user group assignments and (gulp!) passwords.
The implication is that an attacker could even create a brand new account on the site they are targeting, and then escalate its privileges to give it ‘god-like’ abilities on the site, and upload a remote shell to further compromise the server.
With a vulnerability as bad as that, it’s easy to understand why Joomla is telling users to update their websites as soon as possible.
In fact, the chances are that malicious attackers are already searching the net looking for vulnerable sites.
The worry is, of course, that some websites may never be updated – making easy pickings for malicious attackers.
If you run a website powered by Joomla, please take security seriously. Reduce the risk of your site being compromised by updating to the latest version of your CMS, and ensuring that you keep a close eye in the future on emerging security issues.