PHILADELPHIA, PA — (Marketwired) — 08/12/13 — Versafe today announced the publication of a Versafe Intelligence Brief entitled –. The report summarizes the discovery of a vulnerability that had put websites hosted on the Joomla content management system at risk of being hijacked for use in malware payload and phishing attacks. A forensics investigation of the exposed sites by researchers at the Versafe Security Operations Center also discovered a zero-day attack found in the wild, which enabled attackers to gain full control over the compromised systems. After disclosing details of the vulnerability to the Joomla Security Strike Team, a on the Joomla! Developer Network for versions 2.5.x and 3.1.x of the platform, as well as a community-developed fix for 1.5.x.
“What brought this vulnerability to our attention was that we noticed a sharp increase in the number of phishing and malware attacks being hosted from legitimate Joomla-based sites,” said Eyal Gruner, CEO of Versafe. “The series of attacks exploiting this vulnerability were particularly aggressive and widespread — involved in over 50% of the attacks targeting our clients and others in EMEA — and ultimately successful in infecting a great many unsuspecting visitors to genuine websites. Versafe is committed to helping Joomla protect its large community of platform users and end-users, through having shared key findings specific to this exploit.”
Both the exploit and zero-day attacks were detected by the Versafe Security Operations Center — leveraging its TotALL Online Fraud Protection Suite, a server-side malware and online threat protection solution — that in several customer implementations had been deployed via -s , including the (ASM) web application firewall.
“There-s no silver bullet for security, so F5 recommends a defense-in-depth approach,” said Mark Vondemkamp, VP of Security Product Management and Marketing at F5. “By partnering with leading security-focused organizations such as Versafe, F5 is able to further enhance the protection capabilities offered by BIG-IP ASM and its other to benefit joint customers.”
The report, which can be downloaded at , provides a step-by-step description of how the attacks were initiated, from vulnerability assessment to server takeover and malware deployment.
Versafe enables organizations to proactively ensure the integrity of each online customer relationship, protecting against the spectrum of malware and online threat types, across all devices, while being fully transparent to the end-user. Clients have actualized a significant decrease in the number and impact of malware, phishing, and other online attacks — enabling step-change reduction in both fraud losses as well as an increase in fraud management efficiencies — routinely yielding investment payback in just weeks. With over 30 customers internationally, Versafe is backed by Susquehanna Growth Equity.
For more information, please visit: .
F5, BIG-IP, Application Security Manager, and ASM are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners. The use of the words “partner,” “partnership,” or “joint” does not imply a legal partnership relationship between F5 Networks and any other company.
Elizabeth Safran
Looking Glass Public Relations for Versafe
408-348-1214
You must be logged in to post a comment Login