Serious Phar Flaw Allows Arbitrary Code Execution on Drupal
Drupal, Typo3 and Joomla are all impacted by the bug. Continue reading Serious Phar Flaw Allows Arbitrary Code Execution on Drupal
Category Archives: Drupal
Drupal Releases Core CMS Updates to Patch Several Vulnerabilities
Drupal, the popular open-source content management system, has released security updates to address multiple “moderately critical” vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of w… Continue reading Drupal Releases Core CMS Updates to Patch Several Vulnerabilities
Monero cryptominers hijack hundreds of unpatched Docker hosts
A recently-disclosed vulnerability in the Docker containerisation platform is being exploited by cybercriminals to mine the Monero (XMR) cryptocurrency on hundreds of servers. Continue reading Monero cryptominers hijack hundreds of unpatched Docker hosts
Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week
Cybercriminals have actively started exploiting an already patched security vulnerability in the wild to install cryptocurrency miners on vulnerable Drupal websites that have not yet applied patches and are still vulnerable.
Last week, developers of t… Continue reading Hackers Actively Exploiting Latest Drupal RCE Flaw Published Last Week
Latest WinRAR, Drupal flaws under active exploitation
CVE-2018-20250, a WinRAR vulnerability that allows attackers to extract a malicious executable to one of the Windows Startup folder to be executed every time the system is booted, and CVE-2019-6340, the remote execution flaw affecting the popular Drupa… Continue reading Latest WinRAR, Drupal flaws under active exploitation
Bugs, Breaches, and More! – Application Security Weekly #52
Many websites threatened by highly critical code-execution bug in Drupal, UK parliament calls for antitrust, data abuse probe of Facebook, CommitStrip: Get rich quick, Google says the built-in microphone it never told Nest users about was ‘ne… Continue reading Bugs, Breaches, and More! – Application Security Weekly #52
Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers
Another remote code execution vulnerability has been revealed in Drupal, the popular open-source Web content management system. One exploit — still working at time of this writing — has been used in dozens of unsuccessful attacks against ou… Continue reading Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers
Drupal Patches Highly Critical Remote Code Execution Vulnerability
Websites based on the Drupal content management system might be affected by a highly critical vulnerability that could result in remote code execution. The vulnerability affects websites running Drupal 8 with RESTful Web Services (rest) module enabled… Continue reading Drupal Patches Highly Critical Remote Code Execution Vulnerability
Highly Critical Drupal RCE Flaw Affects Millions of Websites
Admins should update immediately to fix a remote code-execution vulnerability. Continue reading Highly Critical Drupal RCE Flaw Affects Millions of Websites
Highly critical Drupal RCE flaw could lead to new Drupalgeddon, patch now!
A new Drupalgeddon might be brewing: a highly critical vulnerability affecting all versions of the popular content management framework could allow hackers to take over vulnerable Drupal installations and the websites running on them. About the vulnera… Continue reading Highly critical Drupal RCE flaw could lead to new Drupalgeddon, patch now!