
List:       isn
Subject:    [ISN] Did Drupal Drop The Ball? Users Who Didn't Update Within 7 Hours 'Should Assume They've Been H
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2014-10-30 14:38:38
Message-ID: alpine.DEB.2.02.1410301438230.1586 () infosecnews ! org

http://www.forbes.com/sites/thomasbrewster/2014/10/30/did-drupal-drop-the-ball-users-who-didnt-update-within-7-hours-should-assume-theyve-been-hacked/


By Thomas Fox-Brewster
Forbes.com
10/30/2014

Hackers are remarkably quick off the mark. Drupal, the creator of the 
eponymous content management system that millions use the world over, now 
knows that all too well. In mid-October it patched a SQL injection flaw, 
which could be exploited by tricking a database into coughing up data from 
its tables and columns using the SQL language. But yesterday, it said that 
thanks to an automated attack that hit up as many Drupal sites containing 
the vulnerability as quickly as possible, anyone who didn't update to 
version 7.32 within seven hours of its release should assume they've been 
hacked.

The bombshell was officially dropped in an advisory late yesterday, ranked 
"Highly Critical". And for all those users concerned, updating to version 
7.32 or applying the patch fixes the vulnerability but will not fix a 
compromised website, the warning read. It gets a little worse, as Michael 
Hess of the Drupal security team notes: "If you find that your 
site is already patched but you didn't do it, that can be a symptom that 
the site was compromised – some attacks have applied the patch as a way to 
guarantee they are the only attacker in control of the site."

Hackers who broke into Drupal-based sites may have done all kinds of nasty 
things, from installing backdoors to simply grabbing all data on that 
site. They might even be able to use their leverage to compromise other 
websites and apps hosted on the same server, escalating their attacks. Put 
simply, this could be catastrophic for victims.

SQL injection is one of the most commonly used attack methods on the 
planet. Tools like sqlmap automate such attacks, requiring little technical 
skill of the hacker yet leading to devastating results.
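The article says the flaw could be exploited by "tricking a database into coughing up data" with SQL, but does not show what that looks like. The following is an added example, not code from the Forbes article or from the Drupal project (which is PHP): it uses Python's standard sqlite3 module as a stand-in for a site database, with a constructed users table, and places a query that splices user input into the SQL text next to one that passes the same input through a bound parameter. The table, the column names and the input string are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample data: a tiny in-memory "site" database, not real Drupal data.
SAMPLE_USERS = [
    (1, "admin", "admin@example.invalid"),
    (2, "editor", "editor@example.invalid"),
    (3, "guest", "guest@example.invalid"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT, mail TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """Deliberately vulnerable pattern: user input is spliced into the SQL text,
    so the database cannot tell where the query ends and the data begins."""
    sql = f"SELECT uid, name, mail FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened pattern: the bound placeholder keeps the input as data, never as SQL."""
    sql = "SELECT uid, name, mail FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed input that no legitimate form would send: it closes the string
# literal and appends a condition that is always true, so the WHERE clause
# matches every row in the vulnerable version.
TAUTOLOGY_INPUT = "x' OR '1'='1"


def demo() -> dict:
    """Run both lookups against the same input and return the row sets."""
    conn = make_db()
    return {
        "vulnerable": lookup_user_vulnerable(conn, TAUTOLOGY_INPUT),  # every row
        "safe": lookup_user_safe(conn, TAUTOLOGY_INPUT),              # no rows
        "safe_legit": lookup_user_safe(conn, "editor"),               # one row
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The point for defenders is that the fix is structural, not a matter of filtering quotes: once every value reaches the database through a bound parameter, the same crafted string is simply compared against the name column and matches nothing. Note that the Drupal issue the article describes was in the database layer itself, so patching the application to 7.32 is the relevant remediation there, not rewriting individual queries.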

[...]



