Drupal Archives - Page 2 of 4

Pierluigi Paganini February 26, 2019

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Threat actors in the wild are exploiting the recently patched CVE-2019-6340 flaw in the Drupal CMS to deliver cryptocurrency miners and other payloads. Just three days after the CVE-2019-6340 flaw in Drupal was addressed, threat actors in the wild started exploiting the issue to deliver cryptocurrency miners and other payloads. Last week, Drupal core team […]

Pierluigi Paganini February 21, 2019

CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution

Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution. The CVE-2019-6340 flaw is caused by the lack […]

Pierluigi Paganini November 20, 2018

Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW

Hackers targeted Drupal web servers chaining some known vulnerabilities, including Drupalgeddon2 and DirtyCOW issues. Security experts at Imperva reported an attack against Drupal Web servers running on Linux-based systems. Hackers exploited the Drupalgeddon2 flaw (CVE-2018-7600) along with other issues. The Drupalgeddon2 could be exploited to take over a website, it affects Drupal versions 6, 7 and 8. The other flaw […]

Pierluigi Paganini October 19, 2018

Drupal dev team fixed Remote Code Execution flaws in the popular CMS

The Drupal development team has patched several vulnerabilities in version 7 and 8 of the popular CMS, including RCE flaws. The development team of the Drupal content management system addressed several vulnerabilities in version 7 and 8, including some flaws that could be exploited for remote code execution. Drupal team fixed a critical vulnerability that resides in […]

Pierluigi Paganini October 12, 2018

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

A group of hackers is targeting Drupal vulnerabilities, including Drupalgeddon2, patched earlier this year to install a backdoor on compromised servers. Security experts from IBM are targeting Drupal vulnerabilities, including the CVE-2018-7600 and CVE-2018-7602 flaws, aka Drupalgeddon2 and Drupalgeddon3, to install a backdoor on the infected systems and tack full control of the hosted platforms. According to the IBM experts, this last […]

Pierluigi Paganini August 03, 2018

CVE-2018-14773 Symfony Flaw expose Drupal websites to hack

A vulnerability in the Symfony HttpFoundation component tracked as CVE-2018-14773, could be exploited by attackers to take full control of the affected Drupal websites. Maintainers at Drupal addressed the security bypass vulnerability by releasing a new version of the popular content management system, the version 8.5.6. “The Drupal project uses the Symfony library. The Symfony […]

Pierluigi Paganini June 22, 2018

Crooks exploit CVE-2018-7602 Drupal flaw, aka Drupalgeddon3 to deliver Monero miner

Crooks are attempting to exploit a recently patched Drupal vulnerability, tracked as CVE-2018-7602, to drop Monero mining malware onto vulnerable systems. The CVE-2018-7602 flaw is a highly critical remote code execution issue, also known as Drupalgeddon3, that was addressed by the Drupal team in April with the release of versions 7.59, 8.4.8 and 8.5.3. The security patch for the […]

Pierluigi Paganini June 05, 2018

Over 115,000 Drupal Sites still vulnerable to Drupalgeddon2, a gift to crooks

Two months after the release of the security updates for the drupalgeddon2 flaw, experts continue to see vulnerable websites running on flawed versions of Drupal that hasn’t installed security patches. In March, the Drupal developers Jasper Mattsson discovered a “highly critical” vulnerability, tracked as CVE-2018-7600, aka drupalgeddon2, affecting Drupal 7 and 8 versions. Both Drupal 8.3.x and 8.4.x are […]

Pierluigi Paganini May 21, 2018

Hacked Drupal sites involved in mining campaigns, RATs distributions, scams

Crooks are exploiting known vulnerabilities in the popular Drupal CMS such as Drupalgeddon2 and Drupalgeddon3 to deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams. Security experts at Malwarebytes reported that compromised Drupal websites are used to deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams. Crooks are exploiting known vulnerabilities in the […]

Pierluigi Paganini May 08, 2018

Hackers continue to hack Drupal installs to install backdoors and inject cryptocurrency malware

Recently security experts discovered two critical vulnerabilities in the Drupal CMS (CVE-2018-7600 and CVE-2018-7602), and cybercriminals promptly attempted to exploit them in the wild. The hackers started using the exploits for the above vulnerabilities to compromise drupal installs, mostly cryptocurrency mining. It has been estimated that potentially over one million Drupal websites are vulnerable to cyber attacks […]

Drupal

Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

CVE-2019-6340 Critical flaw in Drupal allows Remote Code Execution

Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW

Drupal dev team fixed Remote Code Execution flaws in the popular CMS

Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

CVE-2018-14773 Symfony Flaw expose Drupal websites to hack

Crooks exploit CVE-2018-7602 Drupal flaw, aka Drupalgeddon3 to deliver Monero miner

Over 115,000 Drupal Sites still vulnerable to Drupalgeddon2, a gift to crooks

Hacked Drupal sites involved in mining campaigns, RATs distributions, scams

Hackers continue to hack Drupal installs to install backdoors and inject cryptocurrency malware

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Stellantis probes data breach linked to third-party provider

FBI alerts public to spoofed IC3 site used in fraud schemes

EU agency ENISA says ransomware attack behind airport disruptions

Researchers expose MalTerminal, an LLM-enabled malware pioneer

Beware: GitHub repos distributing Atomic Infostealer on macOS

QUICK LINKS

Drupal

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!