Astra Web Security Blog - Website & CMS Security News


The importance of privacy has been recognized since ancient times: in 300 B.C., Aristotle differentiated the public and private spheres of one's life. Fast forward to the current era of connected devices and internetworked technologies, and it has become difficult to keep private information actually private. Most of the time we end up sharing crucial information on the internet, which…

About the Joomla SQLi: If you are using version 3.7 of the popular CMS Joomla!, an update awaits your approval. Version 3.7 suffers from a severe SQLi (SQL Injection) vulnerability with a DREAD score of 8.6/10 and easy exploitation. A fix was released in the next patch. All details are given below. Identifying…

When it comes to empowering retailers and brands, Magento is one of the most widely used e-commerce platforms. However, with great power comes the greater responsibility of adhering to security practices that keep e-commerce businesses safe. Magento is also one of the most targeted e-commerce platforms for credit card fraud and user credential theft, with a staggering 62% of stores…

3 Most Common Vulnerabilities found in Joomla

Award-winning CMS Joomla is a popular choice for many businesses. Owing to its large user base, this CMS regularly encounters a wide range of security-related issues. In this article, we discuss 3 of the most common vulnerabilities encountered in various Joomla versions in the past. 1. SQL Injection Vulnerability: Recently, Joomla 3.7 fell victim to an SQL Injection vulnerability: CVE-2017-8917. Easily…

Third in line for the world's most popular Content Management System after juggernauts WordPress and Joomla, Drupal is a sought-after CMS powering websites including MTV, Popular Science, Sony Music, Harvard and MIT. Like every other CMS, Drupal has been at the center of notoriety a few times due to vulnerabilities in it. Listed below are the 5 most critical…


The recent outbreak of the WannaCry ransomware and the havoc it created globally is a grim reminder of the susceptible state of our online security systems. Such events have shown that no one is immune to cyber crimes: not large corporations, small businesses, startups, government agencies or even your most benign-looking single user. According to IBM, 62% of all cyber-attacks…

In an age when we are constantly developing innovative solutions to brace against sophisticated cyber attacks, we often underestimate the havoc that can be unleashed by the benign-looking, more elementary attack forms. They may not make headlines the way high-profile cyber attacks do, but they can be just as disastrous. Local File Inclusion (LFI) and Remote File Inclusion (RFI) are similar…

As another grim reminder of the susceptible state of our cyber security systems, a massive ransomware attack has struck computers worldwide. What started as an attack on the servers of Russia's biggest oil company and a disruption of operations at Ukrainian banks, the Petya ransomware has now also spread to computers in Romania, the Netherlands, Norway, France, Spain, Britain, and Australia. The most…

Magento Amasty RMA Plugin

About Amasty RMA Extension Vulnerabilities: During a security audit engagement with a client using Magento, our engineers discovered a few critical vulnerabilities in the Amasty RMA extension. The first vulnerability allows a hacker to upload malicious files to the server. Since PHP files can also be uploaded, a hacker can easily upload malicious shells like c99, r57, anishell, etc. to the…

15 Signs Your Website Has Been Hacked

Most customers discover that their website has been hacked on seeing the 'Red Screen of Death' by Google or when a customer tells them. This can be dangerous because it means your website has been infected for a long time and may have damaged your website's reputation and privacy. Websites have become central to all businesses these days. They handle everything from e-Commerce…
