Drupal Patches Critical Bug That Leaves Platform Open to XSS Attack

Drupal has patched several vulnerabilities – both moderately critical and critical – in two versions of its content management system platform.

Comentarii

Trimiteți un comentariu

Postări populare de pe acest blog

The Internet of Everything and digital privacy: what you need to know

If you don’t already own Internet of Things (IoT) devices, you likely will soon. IoT-enabled devices are physical gadgets with built-in Internet connectivity that allow data transmission; often this happens in the background with no indication to the user that anything is happening. The IoT is more like the Internet of Everything—statistics indicate within the next couple of years, there will be three IoT devices for every adult and child on the planet. So, should people be concerned about consumer privacy and data security if these gadgets are always on and ready to transmit information whether we realize it or not? Let’s take a look. Rise of the IoT brings new security concerns The functionality and capabilities of IoT devices bring about realities that haven’t been dealt with before. Many people know they can opt out of some data collection techniques used on websites. However, if they do that with most IoT devices, the decision typically impacts how the gadgets work and may r...
Citiți mai multe

GandCrab ransomware distributed by RIG and GrandSoft exploit kits

Imagine
This post was authored by Vasilios Hioueras and Jérôme Segura Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, it is distributed via two exploit kits: RIG EK and GrandSoft EK. Why is this surprising? Other than Magnitude EK, which is known to consistently push the Magniber ransomware , other exploit kits have this year mostly dropped other payloads, such as Ramnit or SmokeLoader, typically followed by RATs and coin miners. Despite a bit of a slowdown in ransomware growth towards the last quarter of 2017, it remains a tried and tested business that guarantees threat actors a substantial source of revenue. Distribution GandCrab was first spotted on Jan 26 and later identified in exploit kit campaigns. RIG exploit kit The well-documented Seamless gate appears to have diversified itself as of late with distinct threads pushing a specific payload. While Seamless is notorious for having switched to International Domain Names (IDNs) containing ...
Citiți mai multe