[GLLUG] Fwd: Drupal Warns Users of Mass, Automated Attacks On Critical Flaw
c.e.tower at gmail.com
Fri Oct 31 10:27:36 EDT 2014
Who maintains our website? Has the patch mentioned below been applied?
-------- Original Message --------
Subject: Drupal Warns Users of Mass, Automated Attacks On Critical Flaw
Date: Thu, 30 Oct 2014 14:50:00 GMT
Drupal Warns Users of Mass, Automated Attacks On Critical Flaw
Trailrunner7 writes The maintainers of the Drupal content management
system are warning users that any site owners who haven't patched a
critical vulnerability in Drupal Core disclosed earlier this month
should consider their sites to be compromised. The vulnerability, which
became public on Oct. 15, is a SQL injection flaw in a Drupal module
that's designed specifically to help prevent SQL injection attacks.
Shortly after the disclosure of the vulnerability, attackers began
exploiting it using automated attacks. One of the factors that makes
this vulnerability so problematic is that it allows an attacker to
compromise a target site without needing an account and there may be no
trace of the attack afterward.
Read more of this story
More information about the linux-user