Collaborate Disseminate
Developers of Drupal—a popular open-source content management system software that powers millions of websites—have released the latest version of their software to patch a critical vulnerability that could allow remote attackers to hack your site.
Th… Continue reading Another Critical Flaw in Drupal Discovered — Update Your Site ASAP!
In the Drupal logs on my dev site there are “page not found” reports that are obviously from a bot trying out well known urls (e.g. /wp-login). But I have set up apache basic auth and I am the only person who knows the passwo… Continue reading Drupal logs are reporting 404s from bot visits but I have apache basic auth set up
I am interesting in knowing how Drupal, Wordpress and Joomla have managed password encryption (hashing algorithims) across their various releases, from the very first to the latest.
Thanks.
Continue reading How various CMS encrypt password across past releases
Two code execution flaws patched in Drupal, 773 million records exposed in massive data breach, prices for zero-day exploits are rising, new attacks target recent PHP framework vulnerability, and Microsoft launches a new Azure DevOps Bug Bounty pro… Continue reading DerbyCon, Flaws, & Azure DevOps – Paul’s Security Weekly #590
Despite fewer plugins being added to Wordpress last year, the CMS saw an astounding tripling of vulnerabilities in its platform in 2018. Continue reading ThreatList: WordPress Vulnerabilities Tripled in 2018
As the bug bounty programs begin to roll out in January, security experts worry that the programs miss the mark on truly securing open source projects. Continue reading EU Offers Bug Bounties For 14 Open Source Projects
Visitors of the international website of the US-based non-profit Make-A-Wish Foundation have had their computing power misused to covertly mine cryptocurrency, Trustwave researchers have found. The compromise In-browser cryptomining is not illegal and … Continue reading Make-A-Wish website compromised to serve cryptojacking script
Hackers took advantage of an unpatched Drupal vulnerability in the organization’s website to launch a cryptojacking attack. Continue reading Cryptojacking Attack Targets Make-A-Wish Foundation Website
The popular Drupal content management system received fixes for five serious vulnerabilities that allow for remote code execution and could help hackers break into websites. Two of the patched vulnerabilities are rated critical. One is located in the … Continue reading Drupal Patches Critical Remote Code Execution Flaws
Drupal website owners have some important patching homework to do. Continue reading Patch now! Multiple serious flaws found in Drupal