Skip to main content

It took hackers only three days to start exploiting latest Drupal bug

posted onFebruary 27, 2019
by l33tdawg
Flickr
Credit: Flickr

Three days --that's the time it took hackers to start launching attacks against Drupal sites using an exploit for a security flaw the CMS project patched last week.

The attacks, detected by web firewall firm Imperva, tried to take advantage of yet-to-be-patched Drupal sites and plant a JavaScript cryptocurrency miner called CoinIMP on vulnerable sites.

The coin-mining script, which works similarly to the more famous Coinhive, would have used the browsers of all site visitors to mine the Monero cryptocurrency for the hackers. The attacks began on Saturday, February 23, according to Imperva, three days after the Drupal project patched a vulnerability tracked as CVE-2019-6340, and two days after proof-of-concept (PoC) exploit code became widely available online on different sites [1, 2].

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th