Critical Joomla Vulnerability Discovered

Operators of websites running on the popular Joomla CMS have been alerted to a remote takeover risk following the discovery of a critical Joomla vulnerability. Approximately 2.8 million websites use the Joomla Content Management System, with the CMS second only to WordPress in terms of market share.

Joomla version 3.4.5 has now been released and contains a patch to plug the security hole that has existed for close to two years, although any site still running on previous versions will be particularly vulnerable to attack. Should a hacker successfully exploit the vulnerability, it would be able to obtain administrator privileges for the website, allowing full control to be handed over to the hacker. It would be possible for all data and content to be stolen and for the owner of the website and all other site users to be locked out.

The vulnerability, discovered by Trustwave SpiderLabs, affects version 3.2 and above and can be exploited using a hacking technique known as SQL injection. All users of versions 3.2 to 3.4.4 are at risk since this critical Joomla vulnerability affects as core module of the CMS, not an extension. Two other security flaws were also patched by the new release.

SQL injection is a common technique used by hackers to gain access to websites. The attacks are conducted by entering in SQL commands into text fields on the front end of website. These commands are misinterpreted by the web application. Instead of treating the input as plaintext, it is interpreted as executable code. As such, if the right commands are entered, the websites can be hijacked. Numerous cyberattacks have been successfully conducted using this very straightforward technique, including the recent hack of mobile and broadband provider TalkTalk.

Critical Joomla vulnerability can be used to gain access to the administrator control panel

Once access has been gained, files can be downloaded including confidential customer information. Since Joomla is used to create e-commerce websites, customers who have previously purchased products through Joomla websites could have their confidential information stolen.

This critical vulnerability can be exploited to extract a browser cookie which can be used to provide the attacker with administrator privileges. If that cookie is loaded into the browser, the hacker can gain access to the back end of the website and can access the administrator control panel. The code required to exploit the vulnerability has already been posted online.

It is therefore imperative that all administrators of Joomla sites update their website software immediately and patch the critical Joomla vulnerability in order to secure their sites.

The importance of updating software patches as soon as they are released

Zero-day vulnerabilities are frequently discovered in popular website applications and content management systems. A failure to install patches promptly leaves websites particularly vulnerable to attack. Code used to exploit the vulnerabilities can easily be found online, and is commonly shared by hackers, white hat and black hat – via online hacking and software development communities. Once an announcement has been made, there will be many amateur and professional hackers willing to exploit the vulnerability. Should that happen, data can be deleted, access rights changed, and customer data stolen.

Google Tackles Ad Injection Malware Threat

Organizations face a growing risk of sensitive data being compromised by ad injection malware. The latest figures released by Google suggest that an organization employing 100 individuals is likely to have at least five computers infected with ad injection malware.

This form of malware causes adverts to be displayed to the user that would not normally appear when visiting websites. The malware infects their browsers and results in annoying adverts being displayed, some of which contain links to legitimate retailers. Others contain much more sinister content. With little control exerted over the individuals placing the ads, cybercriminals are able to take advantage and place adverts containing links to malicious websites.

However, that is not the only security risk. When the malware infects a browser it causes changes to how websites are displayed. A connection to a website would be secured under normal circumstances, preventing third parties eavesdropping on the session. Unfortunately, when a browser is infected, the process used to encrypt the connection is broken. Sessions are no longer encrypted, and any data entered by the user could potentially be seen by a hacker or cybercriminal monitoring their connection.

When accessing a webpage via an open Wi-Fi network, an eavesdropper could quite easily listen in on the session. Usernames and passwords could be revealed as well as other confidential information.

Lenovo laptops were pre-installed with ad injection software

Potentially a user could avoid having their browser infected with the malware, but not if they bought a Lenovo laptop. Even brand new, straight-out-of-the-box laptops had been “infected”. In this case, by Lenovo. They have been shipping brand new laptops with legitimate software installed that inserts adverts into Google searches. The software in question is called Superfish and it functions as an image search engine.

Superfish is able to show adverts by using a root certificate which replaces a trusted website’s security with its own. This is how it is able to display adverts. Unfortunately, the security used by Superfish can easily be cracked. In fact, it already has been, so any Lenovo computer with Superfish installed cannot be used to securely browse the Internet. On an open Wi-Fi network, even a secure website such as an online banking site would not be secure.

Anyone not wishing to lose their privacy could uninstall Superfish. Unfortunately, if the software is uninstalled the security hole remains. The owner of the laptop will be permanently at risk of having their privacy violated and their internet surfing monitored. A problem for any employer allowing Lenovo laptops to be used for BYOD.

Google takes action to protect Chrome users

This type of “malware” is not new of course. The problem is the number of new applications and browser extensions that allow this form of advertising. Google has recently removed approximately 200 Chrome extensions from its web store that are capable of injecting ads into otherwise secure sites. Unfortunately, Google has discovered approximately 34,000 standalone applications that are able to inject ads when users browse the internet. There are approximately 50K Chrome extensions that allow ad injection according to Google researchers.

The solution for now, for employers at least, is to ensure that they do not use open Wi-Fi networks in the workplace. This will prevent any eavesdropping even if a user’s browser has been infected. BYOD participants should be instructed on the risk of using open Wi-Fi networks and told never to use their devices to access work accounts using public Wi-Fi hotspots.

Your Favorite Coffee Shop Filters its Coffee, but not Internet Access

Visiting a coffee shop for a caffeine fix usually means having the opportunity to save some bandwidth by connecting to a free Wi-Fi network. In fact a coffee shop without free Wi-Fi is unlikely to be anywhere near as busy and those offering patrons the opportunity to connect to the Internet for free.

Even airports, restaurants, shopping centers and many pubs allow visitors to connect to their Wi-Fi for free. Many freelance workers even head to cafes to a full day’s work, while others just check email or surf the Internet. The ability to connect to someone else’s Wi-Fi is convenient and saves money. However, as many people discover, it may not be quite as free as they think. Connecting to free Wi-Fi hotspots carries considerable risks. There may actually a considerable cost. Identity theft and the emptying of a bank account!

The importance of a secure Wi-Fi connection

Many free Wi-Fi networks allow any user within range to connect without even having to register. These open networks really are open to anyone, and that means open to criminals as well. When users connect to these networks they allow any individual who is also connected to see a considerable amount of their data. Should a person with the inclination and a modicum of technical skill choose to inspect network traffic, they could potentially see the websites that are visited, read the emails that are sent, and even view login names and passwords. Installing malware on every device that connects is also pretty straightforward.

Not all Wi-Fi networks are open. Some coffee shops and free Wi-Fi hotspots require users to identify themselves. Access can only be gained if users logon. This requires the use of a token or password which is only provided to people who create accounts. These Wi-Fi networks use encryption that prevents data from being intercepted. That does not mean that these networks are entirely secure, only that additional security controls have been employed to make them safer.

If operators of public Wi-Fi networks really want to protect their users from the myriad of viruses and malware on the Internet, additional security controls should be employed. One of the best options in this regard is a web filter (often referred to as an Internet filter or content filter).

The importance of installing a web filter to protect users

A web filter will restrict the websites that can be visited while connected to a network. Many businesses have web filters in place to restrict the websites that employees can access while at work. Many homes have a parental filter in place that stops children (and adults!) from accessing pornographic content, gambling websites, dating sites and other types of website that contain inappropriate or potentially harmful content.

Coffee shops and cafes rarely have these web filters in place. They may filter the coffee, but they certainly do not filter the Internet. This means visitors could access pornographic material, gambling sites, and streaming services, and many of those websites contain really dangerous material – malware, viruses, and malicious code that could result in the users’ devices being infected. In some cases, their device could be compromised to the point that all data entered could be transmitted to a hacker.

Insecure or secure Wi-Fi – The choice is yours

When setting up a Wi-Fi network, the system administrator or operator of that network has a choice: Secure or insecure. The reality is that there is very little difference in terms of time when setting up a secure or insecure network, but there is a world of difference for users.

Even if an insecure network is chosen and kept totally separate from other networks, there is a risk that the insecure Wi-Fi network will be used by hackers to launch an attack on other networks that have been secured. Insecure Wi-Fi should therefore never be chosen.

Would you want your patrons or employees to be infected? What impact would that have on your business?

Are you waving a flag and shouting at hackers to come and attack your network?

Set up an insecure network and you might as well place a sign above your door saying hackers welcome! Attack our visitors and steal from our employees!

Fail to protect your network and your employees and loyal customers could have their privacy violated, devices compromised, and their most sensitive information revealed. The decision not to secure Wi-Fi, which is illegal in some parts of the world, could also be leaving you wide open to a lawsuit. It could also seriously damage your brand’s reputation and end up driving customers away.

Providing the public with free Wi-Fi access? Make sure you…….

Set up a secure password

An insecure password does not really offer much more protection than an open network. If your password is easy to guess, hackers will guess correctly before very long. Don’t use your shop name, use numbers and letters, include capital letters and even some symbols. Never use a name with a date appended to the end, or a number sequence such as 1234. Also do not use common words with a few specific characters replaced with numbers. You may think they are hard to guess, but not for a bot that tries many different common combinations.

Block the content that can be accessed through your network

Would you like a child to accidentally see the screen of someone viewing hardcore pornography while connected to your network? Would you like to deal with law enforcement officers when they visit you to find out why one your visitors are downloading terrorist manuals from your establishment? Of course not!

The answer is to restrict the content that can be viewed, and to do that you need to install a web filter such as WebTitan Wi-Fi. Its low cost, easy to set up, and it will restrict the websites that can be accessed through your network.

Filtering Wi-Fi should be as important to you as filtering your water and coffee. More so in fact. It protects you and it protects your customers. If your focus is providing a quality service for your customers, the provision of a web filter is essential. It could be the difference between a customer visiting your establishment or going to a more secure competitor.