Drupal Archives - Help Net Security

Drupal

Acquia renews Drupal Steward Program support to address always-evolving security risks

August 11, 2021

Acquia announced that it is renewing its founding partnership support of the Drupal Steward Program, a web application firewall introduced by the Drupal Association and …

Out-of-band Drupal security updates fix bugs with known exploits

November 27, 2020

Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …

Drupal-based sites open to attack via double extension files (CVE-2020-13671)

November 23, 2020

Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also …

Drupal fixes three vulnerabilities, including one RCE

June 19, 2020

Drupal’s security team has fixed three vulnerabilities in the popular content management system’s core, one of which (CVE-2020-13663) could be exploited to achieve …

WordPress and Apache Struts weaponized vulnerabilities on the rise

March 17, 2020

Vulnerabilities in leading web and application frameworks, if exploited, can have devastating effects like the Equifax breach which affected 147 million people, according to …

Latest WinRAR, Drupal flaws under active exploitation

February 26, 2019

CVE-2018-20250, a WinRAR vulnerability that allows attackers to extract a malicious executable to one of the Windows Startup folder to be executed every time the system is …

Highly critical Drupal RCE flaw could lead to new Drupalgeddon, patch now!

February 21, 2019

A new Drupalgeddon might be brewing: a highly critical vulnerability affecting all versions of the popular content management framework could allow hackers to take over …

Make-A-Wish website compromised to serve cryptojacking script

November 20, 2018

Visitors of the international website of the US-based non-profit Make-A-Wish Foundation have had their computing power misused to covertly mine cryptocurrency, Trustwave …

Traffic manipulation and cryptocurrency mining campaign compromised 40,000+ machines

June 7, 2018

Unknown attackers have compromised 40,000+ servers, networking and IoT devices around the world and are using them to mine Monero and redirect traffic to websites hosting tech …

Crypto Me0wing attacks: Kitty cashes in on Monero

May 24, 2018

It’s been a month since the first Drupalgeddon 2.0 RCE (SA-CORE-2018-002/CVE-2018-7600) exploit was first published, unleashing its destruction into the wild… and …

New Drupal RCE vulnerability under active exploitation, patch ASAP!

April 26, 2018

Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is …

The Wild West of drive-by cryptocurrency mining

November 8, 2017

As more and more Coinhive clones continue popping up, chances of users’ CPU power being hijacked for cryptocurrency mining are rising. According to Malwarebytes’ …

Drupal

Acquia renews Drupal Steward Program support to address always-evolving security risks

Out-of-band Drupal security updates fix bugs with known exploits

Drupal-based sites open to attack via double extension files (CVE-2020-13671)

Drupal fixes three vulnerabilities, including one RCE

WordPress and Apache Struts weaponized vulnerabilities on the rise

Latest WinRAR, Drupal flaws under active exploitation

Highly critical Drupal RCE flaw could lead to new Drupalgeddon, patch now!

Make-A-Wish website compromised to serve cryptojacking script

Traffic manipulation and cryptocurrency mining campaign compromised 40,000+ machines

Crypto Me0wing attacks: Kitty cashes in on Monero

New Drupal RCE vulnerability under active exploitation, patch ASAP!

The Wild West of drive-by cryptocurrency mining

Don't miss

New infosec products of the week: October 15, 2021

Policy automation to eliminate configuration errors

Whitepaper: What is CCPA and how can it affect your business?

Add a new dimension to ransomware defenses

How do I select a SASE solution for my business?