Worldstack | Joomla and SQL Injection attacks

Joomla and SQL Injection attacks

Cyber Intelligence, Cyber Security, Open Source Intelligence, OSINT, Security, Threat actors, Threat Intelligence

 

Last week Providence picked up a significant increase in chatter about Joomla and SQL Injection attacks, as can be seen in Figure 1 below.
 

Figure 1 – Overall weekly cyber chatter
 
 

Drilling down into this information, as seen in Figure 2 below, shows that most of the chatter relates to the Joomla Store for K2 3.8.2 Component – SQL Injection Vulnerability. For details of this exploit, please refer to www[.]exploit-db.com/exploits/41440/
 

Figure 2 – Filtered chatter results
 
 
The chatter which Providence identified was collected from a mix of sources, some being media outlets and security blogs, while others were cyber threat actors posting about the vulnerability.
 
What is interesting is that several threat actors were identified as leveraging the chatter around this vulnerability as a means of selling their own services. One of these can be seen in Figure 3 below.
 

Figure 3 – Threat actor post in Providence
 
 
This threat actor has been known to WorldStack for several years, so it was interesting to find him promoting his website where people can purchase exploits. While he uses the term Zero Day, it is unlikely that any of his exploits are actual zero-day vulnerabilities. It is more likely he uses this term to grab people’s attention.
 

Figure 4 – Threat actor post and profile screenshots