Application Security News


Coast Central Credit Union Breached

Krebs writes about the breach of the Coast Central Credit Union website, which was compromised through a vulnerability in an outdated Joomla component. An interesting aspect of this breach is that the hackers did not seem to take any malicious action after the breach:

Holden said he’s discovered more than 13,000 sites that are currently infected with Web shells just like the one that hit Coast Central Credit Union, and that the vast majority of them are Joomla and WordPress blogs that get compromised through outdated and insecure third-party plugins for these popular content management systems. Worse yet, all of the 13,000+ backdoored sites are being remotely controlled with the same username and password.

“It’s a bot,” he said of the self-replicating malware used to deploy the Web shell that infested the credit union’s site. “It goes and exploits vulnerable sites and installs a backdoor with the same credentials.”

Everyone is a target now. The automation of hacking has made the act of compromising websites extremely easy. Most hackers can buy the hacking application and set it up to run overnight; it then finds and creates holes in websites by itself. Many of these tools are sold by organized groups who even offer phone and email support!


The Barracuda Web Application Firewall provides security for your website against web application attacks. It is easy to deploy and secures your website with a few clicks of a mouse. Contact us for a 30 day evaluation to try the Barracuda Web Application Firewall at no risk.

Still Think You Don’t Need HTTPS?

Information Security Consultant Scott Helme shows us how HTTPS is now a necessity and busts a set of persistent myths that have been used as excuses to avoid the HTTPS transition.

Verizon Enterprise Solutions Breach Puts 1.5 Million Customer Records at Risk

A vulnerability on the Verizon Enterprise Solutions client portal leads to a breach of a contact information database.

According to KrebsOnSecurity, “a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise.” The entire database was priced at $100,000, or $10,000 for each set of 100,000 customer records. “Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site,” security journalist Brian Krebs reported.


The Barracuda Web Application Firewall can protect your web and mobile sites and applications against application threats, whether they are known or unknown (zero-day). With its built-in Data Theft Protection, the Barracuda Web Application Firewall ensures that sensitive data cannot be stolen from a website or application by a malicious actor.

More information on the Barracuda Web Application Firewall’s protection capabilities against the top 10 biggest web site threats is available in this whitepaper (pdf).

A thought-provoking tweet from Scott Piper on cyber insurance:

And a fun one on SQL Injection from @nixcraft:

https://twitter.com/nixcraft/status/715488741012287491?lang=en

The Barracuda Web Application Firewall provides security and DDoS protection against automated and targeted attacks. We offer several deployment options, including physical and virtual appliances, and Azure, AWS, and vCloud Air.


Tushar Richabadas is a Product Manager for the Barracuda Web Application Firewall team in our India office. You can connect with him on LinkedIn here.

 
