Using Joomla content management system for your website? Check out the version you have to see if you need a security patch ASAP! It’s crucial to ensure you have the latest update that was recently released. Without this patch, your website is vulnerable to hackers’ exploits. This patch is for versions 2.5.x to 2.5.13 and 3.x to 3.1.4. For these versions, anyone with access to the media manager can upload .PHP files by just putting a “.” (period) at the end of PHP file names. The latest versions (2.5.14 and 3.1.5) repair this bug; however, if you’re using an earlier version that is unsupported (1.5.x), attackers can access these sites without having a Joomla account.
These attacks on Joomla sites began with just 100 Joomla-hosted sites. This bug was found by the web security firm, Versafe, which says most of the compromised sites were financial institutions in the Middle East, Asia and Europe. This bug became apparent to Versafe because they saw a rise in the number of malware and phishing attacks coming from legitimate Joomla-based websites. These attacks were widespread and aggressive as well as being successful in infecting visitors to these Joomla-based sites. For more information, read more here, here or here…