Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw

If you haven’t recently updated your Drupal-based blog or business website to the latest available version, now is the time.

The Drupal development team yesterday released important security updates for its widely used open-source content management softwa…

Latest Drupal RCE Flaw Used by Cryptocurrency Miners and Other Attackers

Another remote code execution vulnerability has been revealed in Drupal, the popular open-source Web content management system. One exploit, still working at the time of this writing, has been used in dozens of unsuccessful attacks against ou…

Drupalgeddon, USPS, & JavaScript – Application Security Weekly #41

Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users’ data, this JavaScript can snoop on other Browser Ta…

VPNFilter Targets More Devices Than Initially Reported

The sophisticated VPNFilter botnet that enslaved more than 500,000 routers and network-attached storage (NAS) devices is capable of infecting more devices than initially believed. The initial reports about VPNFilter identified 16 device models from Li…

Microsoft, GitHub, and Drupalgeddon pt. II – Hack Naked News #176

This week, iOS updates, hacker charged with murder, a steaming vulnerability, to pay or not to pay the ransom, Drupal still vulnerable, freaking out over GitHub, and this day in something forever. Jason Wood of Paladin Security joins us for the expert …

Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit

Hundreds of thousands of websites running on the Drupal CMS—including those of major educational institutions and government organizations around the world—have been found vulnerable to a highly critical flaw for which security patches were released al…

A look into the Drupalgeddon client-side attacks

Back-to-back Drupal zero-day vulnerabilities are being monetized with malicious web cryptominers.

Drupalgeddon, SAP Vulnerabilities, PHP Hack Naked News #171

Drupalgeddon part 3 – the sequel, teenage SAP vulnerabilities, PHP is vulnerable, hacking Apple MFi, Oracle, Mass pays the ransom, and hacking into a prison will land you in prison. Jason Wood from Paladin Security joins us for expert commentary …

Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners

The Drupal vulnerability (CVE-2018-7600), dubbed Drupalgeddon2, which could allow attackers to completely take over vulnerable websites, has now been exploited in the wild to deliver malware backdoors and cryptocurrency miners.

Drupalgeddon2, a highly cr…

Hackers Have Started Exploiting Drupal RCE Exploit Released Yesterday

Hackers have started exploiting a recently disclosed critical vulnerability in Drupal shortly after the public release of working exploit code.

Two weeks ago, the Drupal security team discovered a highly critical remote code execution vulnerability, dubbe…