Articles about drupal

analysis

Drupal drisputes dreport of widespread wide-open websites – whoa

Drupal is playing down estimates that more than 100,000 websites are still vulnerable to months-old critical security flaws in its content management system. The developer said Thursday that reports from earlier this week claiming tens of thousands of sites were not patched with version 7.58, and thus were vulnerable to an …
Shaun Nichols, 7 Jun 2018

That Drupal bug you were told to patch weeks ago? Cryptominers hope you haven't bothered

A set of high-severity vulnerabilities in Drupal that were disclosed last month are now the target of widespread attacks by a malware campaign. Researcher Troy Mursch of Bad Packets Report has spotted hundreds of compromised Drupal sites being used to host "cryptojacking" malware that uses the CPUs of visitors to mine …
Shaun Nichols, 7 May 2018

Patch Drupal now: Yet another critical website bug found – a sequel to 'Drupalgeddon2'

After scrambling to patch a critical vulnerability late last month, Drupal is at it again. The open source content management project has issued an unscheduled security update to augment its previous patch for Drupalgeddon2. There was also a cross-site scripting bug advisory in mid-April. …
Thomas Claburn, 25 Apr 2018

Router ravaging, crippling code, and why not to p*ss off IT staff

Roundup It has been a busy week for security, with the CYBERUK 2018 conference in the UK and the industry gearing up for BSides and the RSA conference in San Francisco next week. But there have been a bunch of smaller stories that may have slipped under your radar, plus all the other bits and pieces we've covered this week. Wreckin' …
Iain Thomson, 14 Apr 2018

Running Drupal? You need to patch, patch, patch right now!

Anyone running a website built with Drupal should stop whatever they are doing right now and install critical security patches. The organization behind the open-source software today put out an urgent security patch to address a remote code execution vulnerability in "multiple subsystems" of its content management system …
Kieren McCarthy, 28 Mar 2018

Drupal sci-fi sex scandal deepens: Now devs spank Dries over Gor bloke's banishment

Updated Scores of Drupal developers have formed a protest against the exiling of a project veteran who dabbled in kinky sci-fi hanky-panky. An open letter and website called Drupalconfessions.org, signed by 85 devs, calls on Drupal lead Dries Buytaert to end the exclusion of people based on their sexual appetites. The letter comes …
Shaun Nichols, 13 Apr 2017

Hello |FNAME|, this is the Obama-bot Drupal chat module speaking

The White House has open-sourced the bot that President Obama uses to automatically respond to messages sent on Facebook Messenger. Yours for the forking on GitHub, the bot is, says White House chief digital officer Jason Goldman, “a Drupal module, complete with easy steps and boiler plate code.” “This will enable Drupal 8 …
Simon Sharwood, 17 Oct 2016

Safe browsing checks fail as 16,000 WordPress sites hacked this year

At least 15,769 WordPress websites - and probably more - have been compromised this year, half slipping past Google's Safe Browsing checks, says security researcher Daniel Cid. The world's most popular content management system represented the lion's share of some 21,821 sites studied in the second 2016 Sucuri report on …
Darren Pauli, 23 Sep 2016

Critical remote code execution holes reported in Drupal modules

Drupal is calling on its users to patch a dangerous remote code execution hole that can let attackers easily hijack sites. The content management system has some 15 million downloads, compared to WordPress on 140 million and Joomla with 30 million, but is used on big ticket and business sites including nine percent of the …
Darren Pauli, 14 Jul 2016

Your WordPress and Drupal installs are probably obsolete

Many of the UK's biggest firms are running outdated versions of their Drupal and WordPress Content Management Systems (CMSes). Threat management company RiskIQ conducted research across the top 30 organisations in the UK (FTSE-30), looking specifically at WordPress and Drupal instances visible on the open web. At least three …
John Leyden, 1 Jun 2016

Panama Papers hack: Unpatched WordPress, Drupal bugs to blame?

The extraordinary leak of documents from law firm Mossack Fonseca that has spun a spotlight on the tax-avoiding efforts by the world's elite was likely the result of unpatched content management systems (CMSes). A slew of stories this past week drawn from the 11.5 million documents and 2.6TB of data have seen the prime …

Drupal drips out ten new patches, one worthy of immediate attention

Drupal has patched 10 holes in its platform that allow attackers to do things like access blocked resources and gain remote code execution. The world's second-most-popular content management system also sent its sixth version to end-of-life status. Six of the flaws are considered moderately severe and three minor for affected …
Darren Pauli, 26 Feb 2016

Open source plugin aims to defeat link rot

A new open source plugin designed to prevent the creation of dead content links online – so called "link rot" – has launched. Amber has been designed by Harvard's Berkman Center for Internet and Society and it provides what it calls a "persistent route" to information on the internet by automatically taking and retaining a …
Kieren McCarthy, 28 Jan 2016

'You're updated!' Drupal says, with fingers crossed behind back

Drupal installations could be out of date and open to attack thanks to a borked update process that flags unpatched platforms as current. The popular content management system is used by more than a million sites making it a significant target for hackers. Indeed, in October 2014 attackers took mere hours to compromise untold …
Darren Pauli, 7 Jan 2016

Shall we Drupal 8? Hint: it's not a verb, but the 8th version of Drupal

The 8th version of open source content management system (CMS) Drupal is upon us. This time around, Drupal folk are talking up tooling for “the post-browser era”, which apparently means lots of people now read stuff on devices. Dries Buytaert, creator and project lead of Drupal and also CTO at Drupal-wrangling firm Acquia …
Simon Sharwood, 20 Nov 2015

Drupal flicks fix to nix OpenID admin account hijack hole

Drupal has shuttered a flaw in its implementation of OpenID that allows attackers to log in as web site administrators. The flaw (CVE-2015-3234) is the most critical of four and affects versions six and seven of the content management system. Drupal's security team say attackers can target unpatched systems if they hold an …
Darren Pauli, 19 Jun 2015

Drupal megaflaw raises questions over CMS bods' crisis mgmt

The security world has been shocked to its foundations following ominous warnings that millions of Drupal websites that didn't apply a critical patch within hours of its release earlier this month should be regarded as hopelessly compromised. The maintainers of the Drupal content management system warned users that “automated …
John Leyden, 3 Nov 2014

DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned

Drupal websites that had not patched within seven hours of the disclosure of a "highly critical" SQL injection (SQLi) hole on 15 October are essentially hosed, the content management tool's developers say. Attacks against the vulnerability (CVE-2014-3704) in version seven of the content management system began "hours" …
Darren Pauli, 30 Oct 2014


Biting the hand that feeds IT © 1998–2018