LSW Posted April 16, 2018 Report Share Posted April 16, 2018 Hackers Have Started Exploiting Drupal RCE Exploit Released Yesterday https://thehackernews.com/2018/04/drupal-rce-exploit-code.html Quote Two weeks ago, Drupal security team discovered a highly critical remote code execution vulnerability, dubbed Drupalgeddon2, in its content management system software that could allow attackers to completely take over vulnerable websites. To address this vulnerability the company immediately released updated versions of Drupal CMS without releasing any technical details of the vulnerability, giving more than a million sites enough time to patch the issue. The Drupalgeddon2 vulnerability that affects all versions of Drupal from 6 to 8 allows an unauthenticated, remote attacker to execute malicious code on default or common Drupal installations. If you have not updated Drupal recently, good idea to do in sooner than later. Quote Link to comment Share on other sites More sharing options...
LSW Posted April 18, 2018 Author Report Share Posted April 18, 2018 Here is another article on the hacker attacks now happening against Drupal. Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners https://thehackernews.com/2018/04/drupal-cryptocurrency-hacking.html Quote Drupalgeddon2, a highly critical remote code execution vulnerability discovered two weeks ago in Drupal content management system software, was recently patched by the company without releasing its technical details. However, just a day after security researchers at Check Point and Dofinity published complete details, a Drupalgeddon2 proof-of-concept (PoC) exploit code was made widely available, and large-scale Internet scanning and exploitation attempts followed. At the time, no incident of targets being hacked was reported, but over the weekend, several security firms noticed that attackers have now started exploiting the vulnerability to install cryptocurrency miner and other malware on vulnerable websites. The SANS Internet Storm Center spotted some attacks to deliver a cryptocurrency miner, a PHP backdoor, and an IRC bot written in Perl. Quote Link to comment Share on other sites More sharing options...
LSW Posted April 19, 2018 Author Report Share Posted April 19, 2018 Make this thread: "Drupal Users need to update.. again!" Another Critical Flaw Found In Drupal Core-Patch Your Sites Immediately https://thehackernews.com/2018/04/drupal-site-vulnerability.html Quote For the second time within a month, Drupal has been found vulnerable to another critical vulnerability that could allow remote attackers to pull off advanced attacks including cookie theft, keylogging, phishing and identity theft. Discovered by the Drupal security team, the open source content management framework is vulnerable to cross-site scripting (XSS) vulnerability that resides in a third-party plugin CKEditor which comes pre-integrated in Drupal core to help site administrators and users create interactive content. CKEditor is a popular JavaScript-based WYSIWYG rich text editor which is being used by many websites, as well as comes pre-installed with some popular web projects. According to a security advisory released by CKEditor, the XSS vulnerability stems from the improper validation of "img" tag in Enhanced Image plugin for CKEditor 4.5.11 and later versions. This could allow an attacker to execute arbitrary HTML and JavaScript code in the victim's browser and gain access to sensitive information. Quote Link to comment Share on other sites More sharing options...
LSW Posted April 26, 2018 Author Report Share Posted April 26, 2018 Third Critical Drupal Flaw Discovered - Patch Your Sites Immediately https://thehackernews.com/2018/04/drupal-vulnerability-exploit.html Quote Damn! You have to update your Drupal websites. Yes, of course once again—literally it’s the third time in last 30 days. As notified in advance two days back, Drupal has now released new versions of its software to patch yet another critical remote code execution (RCE) vulnerability, affecting its Drupal 7 and 8 core. Drupal is a popular open-source content management system software that powers millions of websites, and unfortunately, the CMS has been under active attacks since after the disclosure of a highly critical remote code execution vulnerability. The new vulnerability was discovered while exploring the previously disclosed RCE vulnerability, dubbed Drupalgeddon2 (CVE-2018-7600) that was patched on March 28, forcing the Drupal team to release this follow-up patch update. Quote Link to comment Share on other sites More sharing options...
LSW Posted April 26, 2018 Author Report Share Posted April 26, 2018 Release of PoC Exploit for New Drupal Flaw Once Again Puts Sites Under Attack https://thehackernews.com/2018/04/drupalgeddon3-exploit-code.html Quote Only a few hours after the Drupal team releases latest updates to fix a new remote code execution flaw in its content management system software, hackers have already started exploiting the vulnerability in the wild. Announced yesterday, the newly discovered vulnerability (CVE-2018-7602) affects Drupal 7 and 8 core and allows remote attackers to achieve exactly same what previously discovered Drupalgeddon2 (CVE-2018-7600) flaw allowed—complete take over of affected websites. Although Drupal team has not released any technical details of the vulnerability to prevent immediate exploitation, two individual hackers have revealed some details, along with a proof-of-concept exploit just a few hours after the patch release. If you have been actively reading every latest story on The Hacker News, you must be aware of how the release of Drupalgeddon2 PoC exploit derived much attention, which eventually allowed attackers actively hijack websites and spread cryptocurrency miners, backdoors, and other malware. As expected, the Drupal team has warned that the new remote code execution flaw, let's refer it Drupalgeddon3, is now actively being exploited in the wild, again leaving millions of websites vulnerable to hackers. Quote Link to comment Share on other sites More sharing options...
LSW Posted June 6, 2018 Author Report Share Posted June 6, 2018 Over 115,000 Drupal Sites Still Vulnerable to Drupalgeddon2 Exploit https://thehackernews.com/2018/06/drupalgeddon2-exploit.html Quote Security researcher Troy Mursch scanned the whole Internet and found over 115,000 Drupal websites are still vulnerable to the Drupalgeddon2 flaw despite repetitive warnings. Drupalgeddon2 (CVE-2018-7600) is a highly critical remote code execution vulnerability discovered late March in Drupal CMS software (versions < 7.58 / 8.x < 8.3.9 / 8.4.x < 8.4.6 / 8.5.x < 8.5.1) that could allow attackers to completely take over vulnerable websites.For those unaware, Drupalgeddon2 allows an unauthenticated, remote attacker to execute malicious code on default or standard Drupal installations under the privileges of the user. Quote Link to comment Share on other sites More sharing options...
LSW Posted August 6, 2018 Author Report Share Posted August 6, 2018 Symfony Flaw Leaves Drupal Sites Vulnerable to Hackers - Patch Now https://thehackernews.com/2018/08/symfony-drupal-hack.html Quote It's time to update your Drupal websites.Drupal, the popular open-source content management system, has released a new version of its software to patch a security bypass vulnerability that could allow a remote attacker to take control of the affected websites.The vulnerability, tracked as CVE-2018-14773, resides in a component of a third-party library, called Symfony HttpFoundation component, which is being used in Drupal Core and affects Drupal 8.x versions before 8.5.6. Since Symfony—a web application framework with a set of PHP components—is being used by a lot of projects, the vulnerability could potentially put many web applications at risk of hacking. Symfony Component Vulnerability According to an advisory released by Symfony, the security bypass vulnerability originates due to Symfony's support for legacy and risky HTTP headers. Quote Link to comment Share on other sites More sharing options...
LSW Posted April 19, 2019 Author Report Share Posted April 19, 2019 Drupal Releases Core CMS Updates to Patch Several Vulnerabilities https://thehackernews.com/2019/04/drupal-security-update.html Quote Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in third-party libraries that are included in Drupal 8.6, Drupal 8.5 or earlier and Drupal 7. One of the security flaws is a cross-site scripting (XSS) vulnerability that resides in a third-party plugin, called JQuery, the most popular JavaScript library that is being used by millions of websites and also comes pre-integrated in Drupal Core. Last week, JQuery released its latest version jQuery 3.4.0 to patch the reported vulnerability, which has not yet assigned a CVE number, that affects all prior versions of the library to that date. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.