Users of the Drupal content management system platform got a rude awakening this week: According to Drupal, automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 -- Drupal core -- SQL injection. And here's the kicker –- users should proceed with the assumption that every Drupal 7 website was compromised unless it was updated before 11:00 p.m. UTC on Oct. 15.
One of Apple's competitors in the mobile payment space sent out an email Wednesday telling users it had been breached.
CurrentC, which is a mobile payment system backed by the Mercantile Exchange (MCX), sent out an email to its pilot users stating that an unauthorized third party had obtained email addresses of some of its users, the MCX confirmed to CNBC in an email statement.
The security team for Drupal project is warning users that websites running unpatched installations of version 7 of the popular open source content management system (CMS) may be compromised by automated attacks.
"You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15, 11pm UTC, that is 7 hours after the announcement," the security team said.
The White House is playing down reports that its computer system has been hacked.
"In the course of assessing recent threats, we identified activity of concern on the unclassified Executive Office of the President network," one source told The Washington Post.
Josh Pitts of Leviathan Security Group has uncovered a malicious Tor exit node in Russia. The node wraps Windows executable files inside a second, malicious Windows executable. The wrapping is only attempted on uncompressed Windows PE (Portable Executable) files.