Security News

KashmirBlack Botnet Hijacks Thousands of Sites Running On Popular CMS Platforms
2020-10-29 03:02

An active botnet comprising hundreds of thousands of hijacked systems spread across 30 countries is exploiting "Dozens of known vulnerabilities" to target widely-used content management systems. The cybersecurity firm's six-month-long investigation into the botnet reveals a complex operation managed by one command-and-control server and more than 60 surrogate servers that communicate with the bots to send new targets, allowing it to expand the size of the botnet via brute force attacks and installation of backdoors.

Compromised CMS Credentials Likely Used to Hack Trump Campaign Website
2020-10-28 13:04

Security researchers believe that compromised credentials were used by hackers to access the content management system behind Donald Trump's campaign website. According to WordPress security solutions provider Defiant, which develops the Wordfence product, the hackers most likely used compromised credentials for access, supposedly targeting the underlying Expression Engine content management system, which is an alternative to WordPress.

Surging CMS attacks keep SQL injections on the radar during the next normal
2020-09-02 05:00

In this article, we'll take a look at security vulnerabilities in the context of CMS platforms and the implications of SQL injection attacks on your website. Web app attacks, which are commonly executed via SQL injection, are down from last year but have been trending dangerously upward since February, with 2.1 million attacks rising steadily to 4.9 million attacks in June.

Vulnerability Allowing Full Server Takeover Found in Concrete5 CMS
2020-08-18 15:35

A remote code execution vulnerability addressed recently in Concrete5 exposed numerous websites to attacks, Edgescan reports. What Edgescan discovered was an RCE flaw in Concrete5 that could have allowed an attacker to inject a reverse shell into vulnerable web servers, thus taking full control of them.

Over 30 Vulnerabilities Discovered Across 20 CMS Products
2020-08-10 10:31

Researchers have identified more than 30 vulnerabilities across 20 popular content management systems, including Microsoft SharePoint and Atlassian Confluence. "In the most simple attack scenario, the attacker has access to the target CMS applications such as regular Sharepoint users being able to create their own sites and therefore being able to provide their own templates," Muñoz explained.

Anti-NATO Disinformation Campaign Leveraged CMS Compromises
2020-07-31 16:03

The influence campaign does not merely spread false news content on social media platforms such as Twitter and Facebook, as other disinformation campaigns have done. "We have dubbed this campaign 'Ghostwriter,' based on its use of inauthentic personas posing as locals, journalists, and analysts within the target countries to post articles and op-eds referencing the fabrications as source material to a core set of third-party websites that publish user-generated content," according to FireEye researchers in a Thursday analysis.

Drupal Warns Web Admins to Update CMS Sites to Patch a Critical Flaw
2019-12-19 06:42

If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's the time. Drupal development team yesterday released important security updates...

Pass the salt! Popular CMSs aren’t securing passwords properly
2019-06-19 12:23

A group of researchers has discovered that many of the web's most popular content management systems are using obsolete algorithms to protect their users' passwords.

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities
2019-04-17 22:03

Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers...

Hackers Target Fresh Drupal CMS Flaw to Infiltrate Sites
2019-02-22 13:33

CMS Project Team Patches "Highly Critical" Remote Code Execution VulnerabilityPatch alert: Some versions of the popular content management system Drupal have a "highly critical" flaw that...