Drupal – Page 8 – WindowsTechs.com

Kitty malware gets its claws into Drupal websites to mine Monero

Posted on May 3, 2018 by Graham Cluley

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family.
Read more in my article on the Tripwire State of Security blog.
Continue reading Kitty malware gets its claws into Drupal websites to mine Monero→

Kitty malware gets its claws into Drupal websites to mine Monero

Posted on May 3, 2018 by Graham Cluley

Websites running vulnerable versions of the Drupal content management system are being targeted by the latest incarnation of the Kitty malware family.
The post Kitty malware gets its claws into Drupal websites to mine Monero appeared first on The State… Continue reading Kitty malware gets its claws into Drupal websites to mine Monero→

Drupwn – Drupal Enumeration Tool & Security Scanner

Posted on May 1, 2018 by Darknet

Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.

Drupwn Drupal Enumeration Tool Hacking Features
Drupwn can be run, using two separate modes which are enum and exploit…. Continue reading Drupwn – Drupal Enumeration Tool & Security Scanner→

State threat-sharing center warns of multiple PHP vulnerabilities

Posted on April 27, 2018 by Sean Lyngaas

A popular programming language contains multiple vulnerabilities, the worst of which could allow attackers to execute commands of their choice, according to a new advisory from the Multi-State Information Sharing and Analysis Center. The center said the vulnerabilities were a high risk to government organizations and businesses of all sizes. The vulnerabilities concern the Hypertext Preprocessor (PHP), an open-source script language for web development. “Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights,” warned the MS-ISAC, a threat-sharing center for state, local, tribal and territorial government agencies. The advisory urges users to upgrade to the newest PHP version immediately after testing, and to ensure that there haven’t been any unauthorized system changes before applying patches. Tom Kellermann, chief cybersecurity officer at cloud-security firm Carbon Black, said the PHP revelations were evidence of slack attention […]

The post State threat-sharing center warns of multiple PHP vulnerabilities appeared first on Cyberscoop.

Continue reading State threat-sharing center warns of multiple PHP vulnerabilities→

Critical Drupal vulnerability now being exploited in the wild; users urged to patch ASAP

Posted on April 27, 2018 by Filip Truta

The Drupal security team is urging users of its open-source content management platform to update the core software, or at the very least install the latest patches, as hackers are now actively exploiting a critical vulnerability. A remote code executi… Continue reading Critical Drupal vulnerability now being exploited in the wild; users urged to patch ASAP→

New Drupal RCE vulnerability under active exploitation, patch ASAP!

Posted on April 26, 2018 by Zeljka Zorz

Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is being actively exploited in the wild. The vulnerability (CVE-2018-7602) affe… Continue reading New Drupal RCE vulnerability under active exploitation, patch ASAP!→

Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack

Posted on April 26, 2018 by Swati Khandelwal

Only a few hours after the Drupal team releases latest updates to fix a new remote code execution flaw in its content management system software, hackers have already started exploiting the vulnerability in the wild.

Announced yesterday, the newly dis… Continue reading Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack→

CVE-2018-7602 Highly Critical Drupal Bug Actively Exploited in the Wild

Posted on April 26, 2018 by Milena Dimitrova

Drupalgeddon continues with one more remote code execution bug has been discovered in content management system. Identified as CVE-2018-7602, the highly critical vulnerability affects Drupal versions 7.x and 8.x. Affected users should immediately upgra… Continue reading CVE-2018-7602 Highly Critical Drupal Bug Actively Exploited in the Wild→

Police Shut Down Largest DDoS-for-Hire Marketplace

Posted on April 25, 2018 by Lucian Constantin

A large marketplace that allowed users to rent distributed denial-of-service (DDoS) infrastructure from hackers has been shut down following a global law enforcement operation led by police agencies from the Netherlands and the UK. Known as webstresse… Continue reading Police Shut Down Largest DDoS-for-Hire Marketplace→

Third Critical Drupal Flaw Discovered—Patch Your Sites Immediately

Posted on April 25, 2018 by Mohit Kumar

Damn! You have to update your Drupal websites.

Yes, of course once again—literally it’s the third time in last 30 days.

As notified in advance two days back, Drupal has now released new versions of its software to patch yet another critical remote co… Continue reading Third Critical Drupal Flaw Discovered—Patch Your Sites Immediately→