Joomla is a popular content management system; that is very extensible. This popularity and wide range of extensions makes it a popular target for hackers.

The Joomscan tool has the following features:

Back in 2009 HackerTarget.com had the Joomscan scanner as a free scanning tool, however due to abuse we decided to dis-continue the tool. With a recent update we have decided to make this version an extension of our current non-intrusive tool. Use of the active Joomscan component will require a valid HackerTarget.com membership. This will ensure any abuse of the tool is limited; and will provide a better experience for all our users.

Joomscan is a perl based tool that anyone can download and install. Why not give it a go yourself. Head over to the project page and start your own testing.

The primary reason for the change is that even with multiple layers of restrictions in place, a very small percentage of users continued to attempt to abuse the systems.

While the occurrences of abuse was very low, the ongoing maintenance required when playing a game of whack a mole was taking time away from further development and improvements to the services on offer. Blacklists were continually being updated with free email provider domains, Tor IP addresses, and other anonymous services.

Security Scans that are now restricted include the Nikto Web Site Scanner, the SQL Injection Scan and the OpenVas Vulnerability Scan. These are scans that are quite noisy and can result in Intrusion Detection Systems Alerts and large numbers of log file entries.

All non-intrusive security scans and information gathering tools will continue to be available for Free as will be the most popular on-line Nmap scan.

Membership will provide access to all current scans and some new tools that are under development. The requirement to pay for membership adds an additional layer of identification before any intrusive scans can be initiated.

Information technology professionals who use our services will find the low cost and enhanced service offerings a most welcome addition.

Stay in touch with twitter or our new mailing list for these exciting new developments.

Regards,

Peter
Director and Lead Analyst

Recall back in November last year when we published a history of sql injection attacks, and followed that up with a sql injection tutorial. The purpose of these publications is to increase awareness of sql injection and to familiarize users with securing dynamic web applications. For testing and understanding the attack we have an online sql injection test that allows anyone to quickly test a HTTP GET based URL for a sql injection vulnerability.

It is normal to assume that when implementation of security has a cost associated with it; in the form of development time or code fixing, there will be those who hold off until disaster strikes. However it seems that unless that disaster directly affects the organisation, pushing applications out that have been untested or security reviewed continues to be the normal practice.

Sony has been having all sorts of data breach problems lately — namely a million passwords from the Sony Pictures site, 77 million accounts from the PlayStation Network, and nearly 25 million user accounts from Online Entertainment. I was curious how these recent attacks compared to the largest known data loss incidents, so I headed over to DataLossDB. Sony now holds spots #4 and #10 for largest breaches of all time.

Recently I put together a slide rocket of 10 years of SQL Injection History, however I don’t think my design Fu is quite up there with the flowing data guys.

Largest Data Breaches of All Time – FlowingData.com

This is a good example of current threats that website operators as well as end users should all be aware of, a high profile site gets hacked and poses a signifcant threat to the end user.

Once downloaded and run, the PDF files exploit a vulnerability and make the system download a version of the ever-so-popular ZeuS Trojan.

According to Trend Micro’s Rik Ferguson, the server in question is located in Germany and is hosted by Netdirect – not a stranger to hosting malicious sites.

A few hours ago, TechCrunch tweeted that they “are aware of the (annoying) malware warning about the @TCEurope site”, and that they are trying to fix it.

The awkward phrasing makes me think they thought at the time that there was some kind of mistake and not a legitimate warning. The site hasn’t been taken down in the meantime, and there is no official
update on the situation.

Ferguson warns that the ZeuS variant is currently detected by only 2 out of 43 anti-malware solutions used by VirusTotal, so it’s best to avoid the site altogether until they manage to clean its code.

TechCrunch Europe hacked, serving malware

TEHRAN (FNA)- An Iranian cyber group announced that it has hacked more than 1,000 important governmental websites of the US, Britain and France in protest at their support and financial aids to anti-Iran terrorist groups.

“To commemorate the Day of Campaign against Terrorism and the martyrdom anniversary of (former Iranian President Mohammad Ali) Rajayee and (his Prime Minister Mohammad Javad) Bahonar (by the terrorist Mojahedin-e Khalq Organization), the group rose to protest at the inhumane measures of the supporters of terrorism, with the US
and Britain standing on top of them, through a new method and hacked and changed the pages of more than 1,000 of their websites,” Behrouz Kamalian, Head of the Iranian Ashiyaneh (nest) cyber group, told FNA on Monday.

Iran’s Cyber Army Hacks 1,000 US, British, French Gov’t Websites

[QUOTE]Websites operated by the US Treasury Department are redirecting
visitors to websites that attempt to install malware on their PCs, a
security researcher warned on Monday.

The infection buries an invisible iframe in bep.treas.gov,
moneyfactory.gov, and bep.gov that invokes malicious scripts from
grepad.com, Roger Thompson, chief research officer of AVG
Technologies, told The Register. The code was discovered late Sunday
night and was active at time of writing, about 12 hours later.[/QUOTE]

http://www.theregister.co.uk/2010/05/03/treasury_websites_attack/

From the Matrix:
Trinity: Hello Neo.
Neo:How do you know that name
Trinity: I know a lot about you
Neo: Who are you?
Trinity: My name’s Trinity
Neo: Trinity…THE Trinity? The one who hacked the IRS D-Base?
Trinity: That was a long time ago
Neo: Jesus
Trinity: What?
Neo: I just thought…you were a guy
Trinity: Most guys do

To the horror of Latvia’s political establishment, a mysterious group of computer hackers is threatening to expose the incomes of top officials after stealing millions of government tax records.

The group, calling itself the People’s Army of the Fourth Awakening, claimed to have downloaded more than 7.5 million documents, including VAT receipts and income tax returns, from the State Revenue Service
(SRS) after exploiting a security loophole on its website.

One hacker used the name Neo, in apparent tribute to the hero of The Matrix science-fiction films, in which a vast system for enslaving humanity is exposed. He or she claimed that the documents revealed the
extent of official hypocrisy over belt-tightening reforms introduced as Latvia’s economy reeled under the impact of the global economic crisis. “The purpose of the group is to unmask those who gutted the country,”
Neo told the Latvian television current affairs programme Kas Notiek Latvija in an interview posted on its website.

Neo has been hailed as a digital Robin Hood by disgruntled Latvians after posting details from the documents on the internet to contrast the earnings of top officials with cuts experienced by other workers.

Times Online – Latvia in turmoil after hacker exposes establishment salaries

Based on Ubuntu and well tested this is an outstanding release, and we wish the Offensive Security Team all the best with the 2010.

Download Back-Track now and get cracking with some serious Security Testing. Explore the Offensive-Security, Back-Track websites, and the forums for Guides, Tutorials and FAQ’s.

Real security can only be achieved through awareness, knowledge and some clever tools.

What has happened is that entities within China, that may or may not be the Chinese Government or at least backed by the Chinese Government have been caught accessing Google’s computer systems through unauthorised means. Some articles say some Gmail accounts were hacked, others indicate it may have been more serious, as Google has a back end system that allows them to easily collect all data on individuals from Google services. This is used when supplying information to law enforcement, and the indications are this system may have been accessed.

The most notably thing is that it has been caught and is being talked about in a big way.

Here is a good perspective from the Shadowserver foundation.

Little by little organizations of all types are being broken into and having intellectual property and other information stolen.

Unfortunately we can tell you these scenarios are playing out day in and day out on a massive scale, whether we recognize it or not.

Cyber Espionage Intrusions Run Rampant: Google Compromise is *NOT* atypical

Targeted cyber intrusions are occurring daily at a very staggering level. Industries in the United States are heavily targeted but this truly is a global problem that is facing nearly every nation. These are not your run of the mill cyber attacks. They may have varying levels of sophistication, however, the attacks are often much more advanced than what most users have and will likely ever see. The next closest thing, perhaps on a parallel playing field, is those that are stealing vast amounts of money from banking systems that require two-factor authentication and/or dual approvers to transact. In these cases the attacks often start off extremely broad and are narrowed down.

http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100119

Whether we get the full picture or not, the one thing that is certain is that something annoyed Google, who had up until now been censoring results on behalf of the Chinese Government.

Additional Links:
http://www.csmonitor.com/USA/2010/0113/China-cyber-attacks-Google-only-one-of-many-US-targets
http://www.wired.com/threatlevel/2010/01/hack-for-oil/
http://www.ironcove.net/2008/04/when-dragons-attack-tibetan-hacking-review/