Attackers are exploiting a zero-day vulnerability in the content management tool Joomla! just days after the weakness was discovered, with the first attacks hitting just before the patch was issued.
Kaspersky Lab's Threatpost reported that the patch for the zero-day vulnerability, which was spotted on December 12 and affected Joomla! versions 1.5.0 through 3.4.5, was issued December 14. However, attacks were spotted in the wild before the patch was issued.
Daniel Cid, founder & CTO of Sucuri, called for Joomla! users to update their software immediately.
“We detected many more exploits from this same IP address “220.127.116.11” on Dec 12th, followed by hundreds more exploit attempts from 18.104.22.168 and 22.214.171.124 on Dec 13th. Today (Dec 14th), the wave of attacks is even bigger, with basically every site and honeypot we have being attacked. That means that probably every other Joomla site out there is being targeted as well,” Cid wrote in a blog post.