HackDig : Dig high-quality web security articles for hacker

Drupal fixes the CVE-2017-6922 flaw exploited in spam campaigns in the wild

Drupal team released security updates to fix several vulnerabilities, including the critical access bypass flaw CVE-2017-6922 exploited in spam campaigns. The Drupal development team has released security updates to fix several vulnerabilities, including the critical access bypass flaw tracked as CVE-2017-6922 that has been exploited in spam campaigns. The C
Publish At:2017-06-23 07:05 | Read:358 | Comments:0 | Tags:Breaking News Hacking CMS CVE-2017-6922 Cybercrime Drupal Pi

Critical vulnerability in Drupal References Module opens 120,000 Sites to hack

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS. The Drupal security team has discovered a critical vulnerability in a third-party module named References. The Drupal team published a Security advisory on April 12 informing its users of the critical flaw. The flaw has a hug
Publish At:2017-04-20 04:35 | Read:519 | Comments:0 | Tags:Breaking News Hacking CMS Cybercrime Drupal References Modul

Drupal version 8.2.7 addresses multiple vulnerabilities in the current version of the popular CMS

Drupal development team has issued a new release of the popular content management system (CMS), Drupal version 8.2.7, that fixes multiple vulnerabilities. The Drupal development team has released the Drupal version 8.2.7 that addressed a number of vulnerabilities in the popular CMS. The list of flaws includes an access bypass issue, a cross-site request for
Publish At:2017-03-16 19:55 | Read:826 | Comments:0 | Tags:Breaking News Hacking CMS Drupal Drupal version 8.2.7

Drupal releases security updates to fix four vulnerabilities in versions 7, 8

Drupal developers have released updates for versions 7 and 8 that fix security issues which could expose websites to cyber attacks. The Drupal development team has released security updates for versions 7 and 8. The updates fix security vulnerabilities that could expose websites running on the popular CMS and data they manage to security risks, including inf
Publish At:2016-11-18 11:05 | Read:843 | Comments:0 | Tags:Breaking News Hacking Security cache poisoning Drupal patch

Security firm Sucuri analyzed tens of thousands of compromised websites

Security firm Sucuri published a detailed study, titled Hacked Website Report for 2016/Q2, on compromised websites on the Internet. According to the security expert Daniel Cid from Sucuri, at least 15,769 WordPress websites have been compromised this year. Sucuri has published a report, titled Hacked Website Report for 2016/Q2, related to compromised websites o
Publish At:2016-09-26 16:40 | Read:1059 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Reports 15 769 Wor

Linux.Rex.1, a new Linux Trojan that creates a P2P Botnet

Security researchers discovered a new Linux Trojan dubbed Linux.Rex.1 that is capable of self-spreading and creating a peer-to-peer botnet. A newly observed Linux Trojan is capable of self-spreading through infected websites and can recruit the infected machines into a peer-to-peer (P2P) botnet, Doctor Web researchers warn. Security researchers from the firm D
Publish At:2016-08-24 04:45 | Read:1245 | Comments:0 | Tags:Breaking News Cyber Crime Malware botnet CMS Cybercrime Drup

Drupalgeddon hits Warframe – nearly 800,000 gamers’ account details being sold on the net.

Are you a fan of Warframe? If so, Digital Extremes, the company behind the popular online game for the Xbox One, PlayStation 4 and PC, has some bad news for you. Last week we were made aware of a potential web server breach that occurred in November 2014. At the time, we believed this to be a phishing scam as our account server was secure. After a thorough rev
Publish At:2016-07-21 14:15 | Read:1045 | Comments:0 | Tags:Featured Articles Security Awareness data breach Drupal Hack

Old CVE-2014-3704 flaw in Drupal still exploited in attacks

More than 19 months after its public disclosure the CVE-2014-3704 is still exploited in attacks against Drupal-based websites. It was October 2014, when Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that was affecting all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue. The patch issued by Drup
Publish At:2016-06-05 04:35 | Read:1256 | Comments:0 | Tags:Breaking News Cyber Crime Hacking CMS CVE-2014-3704 Cybercri

Unpatched Drupal flaws open websites to attacks

IOActive has uncovered a number of serious vulnerabilities affecting the Drupal CMS that could be exploited to completely take over the vulnerable websites. A new vulnerability affecting Drupal could be exploited for code execution and database credentials theft (by Man-in-the-Middle), according to Fernando Arnaboldi, a senior
Publish At:2016-01-07 16:10 | Read:925 | Comments:0 | Tags:Breaking News Hacking CMS CSRF Drupal man-in-the-middle

Drupal Update Issues Could Expose Web Admins to Attacks

A researcher has identified three security issues in Drupal that could expose unsuspecting web admins to various attacks. Fernando Arnaboldi, a senior security researcher and consultant at IOActive, discusses the three issues in a post on his company’s blog. The first issue is that when the Drupal update process fails, certain versions of Drupal will no
Publish At:2016-01-07 14:20 | Read:839 | Comments:0 | Tags:Latest Security News CSRF denial of service Drupal Fernando

Drupal - Insecure Update Process

By Fernando Arnaboldi. Security updates are a common occurrence once you have installed Drupal. In October 2014, there was a massive defacement attack that affected Drupal users who did not upgrade in the first seven hours after a security update was released. This means that Drupal updates must be checked as frequently as possible (even though by default, Drup
Publish At:2016-01-06 18:15 | Read:1888 | Comments:0 | Tags:application security drupal fernando arnaboldi hacking updat

Pair of Drupal Modules Patch Access Bypass Flaws

A pair of modules included in the Drupal content management system have been updated to fix access bypass vulnerabilities that could allow an attacker to take actions on the behalf of some users. One of the modules fixed is the Twitter module, which allows users to take a variety of actions, including pulling in public tweets and authenticating via Twitter. T
Publish At:2015-09-11 00:30 | Read:656 | Comments:0 | Tags:Vulnerabilities Web Security Drupal twitter vulnerabilities

Several Critical Flaws Patched in Drupal Module

There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drupal Core. The framework is used to allow “structured data (
Publish At:2015-07-28 09:05 | Read:579 | Comments:0 | Tags:Vulnerabilities Web Security CSRF Drupal vulnerabilities Web

#HackerKast 42: Hacking Team, LastPass Clickjacking, Cowboy Adventure Game Distributes Malware, Droopescan, WhiteHat Acc

Welcome to the Episode in which we describe the answer to the Ultimate Question of Life, the Universe, and Everything. Maybe we’ll just stick to security but we’ve now done 42 of these things. Kicking off this week with a gigantic combined story about Hacking Team, the story that keeps on giving. We touched on this breach last week but as people
Publish At:2015-07-18 15:50 | Read:1687 | Comments:0 | Tags:Vulnerabilities Web Application Security WhiteHat HackerKast

Critical Bug Found in Drupal OpenID Module Receives Patch

Drupal has released security updates for four vulnerabilities affecting versions 6 and 7 of the content-management system, including a critical bug that could allow attackers to hijack legitimate users’ accounts. The vulnerability (CVE-2015-3234) lies in Drupal’s OpenID module, which enables users to authenticate themselves using the OpenID protoc
Publish At:2015-06-19 11:45 | Read:950 | Comments:0 | Tags:Latest Security News Drupal Field UI OpenID SQLi
