Hundreds of big-name sites hacked, converted into drive-by currency miners
A mass hacking campaign that targets a critical vulnerability in the Drupal content management system has converted more than 400 government, corporate, and university websites into cryptocurrency mining platforms that surreptitiously drain visitors’ computers of electricity and computing resources, a security researcher said Monday. Sites that were hacked included those belonging to computer maker Lenovo,…

Hello Kitty: Malware targets Drupal to mine for cryptocurrency
Kitty, a Monero cryptocurrency which utilizes open-source mining software for browsers, executes a bash script, kdrupal.php, which is written to an infected server disc. This then establishes a backdoor into an infected system separate from the Drupal vulnerability.
Source: zdnet

“Drupalgeddon2” Recent Developments
Recently, further developments into other methods to achieve RCE were uncovered. Drupal released advisory SA-CORE-2018-004 with updated versions and patches to fix the newly identified flaws.
Source: trustwave

Drupal Remote Code Execution vulnerability exploited widely
The flaw exists in the Drupal core package in all supported versions of Drupal, e.g., 7.x and 8.x releases. This vulnerability allows attackers to exploit Drupal-powered sites from numerous attack vectors. The end result is a compromised site, as remote code can be executed, possibly giving unrestricted control of the hosting environment.
Source: drupal

Drupalgeddon: Critical Flaw Exposes Million Drupal Websites to Attacks
All versions of the Drupal content management system are affected by a highly critical vulnerability that can be easily exploited to take complete control of affected websites in what may turn out to be Drupalgeddon 2.0.
Source: securityweek