The Joomla team just released a new Joomla version (3.4.5) to fix some serious security vulnerabilities. The most critical one is a remote and unauthenticated SQL injection on the com_contenthistory module (included by default) that allows for a full take over of the vulnerable site.
If you are a Joomla user, you have to patch your site now! If your site is behind our Website firewall (CloudProxy) you were already protected even before the disclosure via the Virtual Hardening / Patching engine, which focuses on generic SQLi attack vectors.
Friday, October 23, 2015