It took hackers only three days to start exploiting latest Drupal bug

February 26, 2019

Three days – that’s the time it took hackers to start launching attacks against Drupal sites using an exploit for a security flaw the CMS project patched last week.

The attacks, detected by web firewall firm Imperva, tried to take advantage of yet-to-be-patched Drupal sites and plant a JavaScript cryptocurrency miner called CoinIMP on vulnerable sites.

The coin-mining script, which works similarly to the more famous Coinhive, would have used the browsers of all site visitors to mine the Monero cryptocurrency for the hackers.

The attacks began on Saturday, February 23, according to Imperva, three days after the Drupal project patched a vulnerability tracked as CVE-2019-6340, and two days after proof-of-concept (PoC) exploit code became widely available online on different sites [1, 2].

Imperva says the hundreds of attacks it detected used one of the PoCs as a base for its exploitation routine, proving once again that releasing proof-of-concept code is mostly helping attackers rather than site owners.


The attacks trying to exploit CVE-2019-6340 to plant cryptominers aren’t unique. The Drupal content management system (CMS) received two major patches last year for two vulnerabilities named Drupalgeddon 2 (CVE-2018-7600) and Drupalgeddon 3 (CVE-2018-7602).

Similar to last week’s events, security researchers who analyzed the two flaws last year published PoC code that helped attackers launch attacks within days. Just like last week, cryptominers were their go-to payload [1, 2].

But while the Drupalgeddon 2 and Drupalgeddon 3 flaws affected the vast majority of Drupal sites, the good news is that last week’s bug, CVE-2019-6340, only affects Drupal 8 sites and not the more popular and widespread Drupal 7 version.

There are roughly 63,000 Drupal 8 sites around, Troy Mursch, co-founder of Bad Packets LLC, told ZDNet. Furthermore, only Drupal 8 sites where a certain combination of modules is enabled are vulnerable, meaning that very few of these are actually vulnerable, Mursch said.

All in all, while the Drupalgeddon 2 vulnerability took months to patch and was exploited as late as last fall, this new bug doesn’t look like it will be exploited for more than a few days before hackers realize they’re wasting their time.

With the estimated number of vulnerable sites in the hundreds or low thousands, out of a total of 1.2 million Drupal sites, this is a minuscule attack surface that won’t entice that many hacker groups going forward.
