Drupalgeddon2 Archives - Security Affairs

Pierluigi Paganini October 08, 2019

Hackers continue to exploit the Drupalgeddon2 flaw in attacks in the wild

Researchers from Akamai uncovered a new campaign targeting the Drupalgeddon2 vulnerability to deliver malware. The popular security expert Larry W. Cashdollar from Akamai has uncovered a new campaign targeting the popular Drupalgeddon2 vulnerability (CVE-2018-7600) to deliver malware. Drupalgeddon2 is a “highly critical” vulnerability that affects Drupal 7 and 8 core, it could be exploited by an attacker […]

Pierluigi Paganini November 20, 2018

Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW

Hackers targeted Drupal web servers chaining some known vulnerabilities, including Drupalgeddon2 and DirtyCOW issues. Security experts at Imperva reported an attack against Drupal Web servers running on Linux-based systems. Hackers exploited the Drupalgeddon2 flaw (CVE-2018-7600) along with other issues. The Drupalgeddon2 could be exploited to take over a website, it affects Drupal versions 6, 7 and 8. The other flaw […]

Pierluigi Paganini June 05, 2018

Over 115,000 Drupal Sites still vulnerable to Drupalgeddon2, a gift to crooks

Two months after the release of the security updates for the drupalgeddon2 flaw, experts continue to see vulnerable websites running on flawed versions of Drupal that hasn’t installed security patches. In March, the Drupal developers Jasper Mattsson discovered a “highly critical” vulnerability, tracked as CVE-2018-7600, aka drupalgeddon2, affecting Drupal 7 and 8 versions. Both Drupal 8.3.x and 8.4.x are […]

Pierluigi Paganini May 21, 2018

Hacked Drupal sites involved in mining campaigns, RATs distributions, scams

Crooks are exploiting known vulnerabilities in the popular Drupal CMS such as Drupalgeddon2 and Drupalgeddon3 to deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams. Security experts at Malwarebytes reported that compromised Drupal websites are used to deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams. Crooks are exploiting known vulnerabilities in the […]

Pierluigi Paganini May 08, 2018

Hackers continue to hack Drupal installs to install backdoors and inject cryptocurrency malware

Recently security experts discovered two critical vulnerabilities in the Drupal CMS (CVE-2018-7600 and CVE-2018-7602), and cybercriminals promptly attempted to exploit them in the wild. The hackers started using the exploits for the above vulnerabilities to compromise drupal installs, mostly cryptocurrency mining. It has been estimated that potentially over one million Drupal websites are vulnerable to cyber attacks […]

Pierluigi Paganini April 26, 2018

CVE-2018-7602 – Drupal addressed a new vulnerability associated with Drupalgeddon2 flaw

The new flaw tracked as CVE-2018-7602, is a highly critical remote code execution issue, Drupal team fixed it with the release of versions 7.59, 8.4.8 and 8.5.3. Drupal team has released updates for versions 7 and 8 of the popular content management system (CMS) to address the recently disclosed CVE-2018-7600 Drupalgeddon2 flaw. The new flaw tracked as CVE-2018-7602, is a highly […]

Pierluigi Paganini April 19, 2018

Experts are observing Drupalgeddon2 (CVE-2018-7600) attacks in the wild

After the publication of a working Proof-Of-Concept for Drupalgeddon2 on GitHub experts started observing attackers using it to deliver backdoors and crypto miners. At the end of March, the Drupal Security Team confirmed that a “highly critical” vulnerability (dubbed Drupalgeddon2), tracked as CVE-2018-7600, was affecting Drupal 7 and 8 core and announced the availability of security updates on March 28th. The […]

Pierluigi Paganini April 13, 2018

Experts warn threat actors are scanning the web for Drupal installs vulnerable to Drupalgeddon2

After the publication of a working Proof-Of-Concept for Drupalgeddon2 on GitHub for “educational or information purposes,” experts started observing bad actors attempting to exploit the flaw. At the end of March, the Drupal Security Team confirmed that a “highly critical” vulnerability (dubbed Drupalgeddon2), tracked as CVE-2018-7600, was affecting Drupal 7 and 8 core and announced the availability of security updates on […]

Pierluigi Paganini March 29, 2018

Drupal finally addressed the critical CVE-2018-7600 Drupalgeddon2 vulnerability

The Drupal development team has fixed the drupalgeddon2 vulnerability that could be exploited by an attacker to take over a website. A few days ago, Drupal Security Team confirmed that a “highly critical” vulnerability, tracked as CVE-2018-7600, affects Drupal 7 and 8 core and announced the availability of security updates on March 28th. The vulnerability was discovered […]

Drupalgeddon2

Hackers continue to exploit the Drupalgeddon2 flaw in attacks in the wild

Hackers target Drupal servers chaining several flaws, including Drupalgeddon2 and DirtyCOW

Over 115,000 Drupal Sites still vulnerable to Drupalgeddon2, a gift to crooks

Hacked Drupal sites involved in mining campaigns, RATs distributions, scams

Hackers continue to hack Drupal installs to install backdoors and inject cryptocurrency malware

CVE-2018-7602 – Drupal addressed a new vulnerability associated with Drupalgeddon2 flaw

Experts are observing Drupalgeddon2 (CVE-2018-7600) attacks in the wild

Experts warn threat actors are scanning the web for Drupal installs vulnerable to Drupalgeddon2

Drupal finally addressed the critical CVE-2018-7600 Drupalgeddon2 vulnerability

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Google fined $314M for misusing idle Android users' data

A flaw in Catwatchful spyware exposed logins of +62,000 users

China-linked group Houken hit French organizations using zero-days

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

QUICK LINKS

Drupalgeddon2

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!