The hacktivist group Anonymous has attacked at least 97 websites in Japan since September, the country’s police has revealed. The attacks are meant to protest controversial whaling practices in the East Asian country.
The websites of government offices, groups involved in dolphin and whale hunting, aquariums, news organizations and airports have been targeted, Japanese national broadcaster NHK reported. Among the highest-profile cases was the downing of the personal website of Prime Minister Shinzo Abe last week.
Attackers are actively exploiting a critical remote command-execution vulnerability that has plagued the Joomla content management system for almost eight years, security researchers said.
A patch for the vulnerability, which affects versions 1.5 through 3.4.5, was released Monday morning. It was too late: the bug was already being exploited in the wild, researchers from security firm Sucuri warned in a blog post. The attacks started on Saturday from a handful of IP addresses and by Sunday included hundreds of exploit attempts to sites monitored by Sucuri.
“Today (Dec 14th), the wave of attacks is even bigger, with basically every site and honeypot we have being attacked,” the blog post reported. “That means that probably every other Joomla site out there is being targeted as well.”
The researchers went on to advise people who administer Joomla sites to search logs for the IP addresses 126.96.36.199, 188.8.131.52, or 184.108.40.206, since those were the first ones observed carrying out the attacks. Sucuri also recommended admins search logs for events that use “JDatabaseDriverMysqli” and “O:” in the user agent. Systems that test positive for any of the strings should be presumed compromised and undergo a thorough scan and clean-up regimen.
Joomla 1.5 was released in January 2008, making the bug almost eight years old. Version 3.4 was released earlier this year. It’s not yet clear exactly what happens to vulnerable systems that are exploited. This post will be updated if those details become available later.
SOURCE: Dan Goodin | Ars Technica
Some 80% of applications written in PHP, Classic ASP and ColdFusion failed at least one of the OWASP Top 10, according to new research conducted by Veracode.
The app security firm released a supplement to its State of Software Security: Focus on Application Development report, covering automated assessments for 208,670 separate apps over the past 18 months.
It found that applications written in web scripting languages are much more likely to contain vulnerabilities than those written in .NET or Java.
In fact, 64% of apps written in Classic ASP, 62% of those written in ColdFusion, and 56% of PHP apps were found to have at least one SQL injection vulnerability, compared to just 29% of .NET applications and 21% of Java apps. Continue reading