Security News

A remote code execution vulnerability addressed recently in Concrete5 exposed numerous websites to attacks, Edgescan reports. What Edgescan discovered was an RCE flaw in Concrete5 that could have allowed an attacker to inject a reverse shell into vulnerable web servers, thus taking full control of them.

Researchers have identified more than 30 vulnerabilities across 20 popular content management systems, including Microsoft SharePoint and Atlassian Confluence. "In the most simple attack scenario, the attacker has access to the target CMS applications such as regular Sharepoint users being able to create their own sites and therefore being able to provide their own templates," Muñoz explained.

The influence campaign does not merely spread false news content on social media platforms such as Twitter and Facebook, as other disinformation campaigns have done. "We have dubbed this campaign 'Ghostwriter,' based on its use of inauthentic personas posing as locals, journalists, and analysts within the target countries to post articles and op-eds referencing the fabrications as source material to a core set of third-party websites that publish user-generated content," according to FireEye researchers in a Thursday analysis.

If you haven't recently updated your Drupal-based blog or business website to the latest available versions, it's the time. Drupal development team yesterday released important security updates...

A group of researchers has discovered that many of the web's most popular content management systems are using obsolete algorithms to protect their users' passwords.

Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers...

CMS Project Team Patches "Highly Critical" Remote Code Execution VulnerabilityPatch alert: Some versions of the popular content management system Drupal have a "highly critical" flaw that...

Versasec, the leader in smart card management systems, rolled out the latest generation of its flagship identity and access management (IAM) solution. vSEC:CMS S-Series v5.4 incorporates a variety...

Security Experts Weigh In on Appropriate Uses of Secure TextingFederal regulators have clarified that the use of texting to place orders, such as for medications or tests, on any platform - secure...

CMS Airship is a free content management system designed and maintained by a team of PHP security experts at Paragon Initiative Enterprises. The web interface for managing your HTTP Public Key...