Security News > 2018 > April > Hackers Exploiting Drupal Vulnerability to Inject Cryptocurrency Miners
2018-04-18 10:03
The Drupal vulnerability (CVE-2018-7600), dubbed Drupalgeddon2 that could allow attackers to completely take over vulnerable websites has now been exploited in the wild to deliver malware backdoors and cryptocurrency miners. Drupalgeddon2, a highly critical remote code execution vulnerability discovered two weeks ago in Drupal content management system software, was recently patched by the
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/MD2BV_vaXf8/drupal-cryptocurrency-hacking.html
Related news
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-29 | CVE-2018-7600 | Improper Input Validation vulnerability in multiple products Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. | 7.5 |