Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Drupalocalypse! Devs say it's best to assume your CMS is owned

Drupalocalypse! Devs say it's best to assume your CMS is owned

2014/10/30

The Register - (International) The developers of the Drupal content management system (CMS) warned that Drupal Web sites that were not patched within 7 hours of the disclosure of a critical SQL injection vulnerability October 15 should be considered compromised due to the simplicity of the vulnerability and how quickly it was leveraged by attackers. The developers advised affected admins to restore their sites from backup since applying the patch would only close the vulnerability to future use, not remove any malware already in place.

Source: http://www.theregister.co.uk/2014/10/30/drupal_sites_considered_hosed_if_sqli_hole_unclosed/

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:22:18