Drupal developers are forced to release a second patch for Drupalgeddon2

Yesterday, the developers of Drupal announced that versions 7.x, 8.4.x and 8.5.x will receive new security updates this week, since the critical vulnerability in the CMS, known as Drupalgeddon2, could not be completely fixed by the first patches. The updates are scheduled for release on April 25. These patches are designed to eliminate the recently disclosed critical vulnerability, which received the identifier CVE-2018-7600 and the name Drupalgeddon2....


Drupal patches a not-too-dangerous XSS vulnerability

Last Wednesday, the Drupal team released updates with a patch for the XSS vulnerability in the CKEditor module of the CMS core. This flaw, rated moderately dangerous, is relevant only for Drupal 8; users are advised to install version 8.5.2 or 8.4.7. According to the developer's blog entry for the CKEditor JavaScript library, an XSS attack becomes possible when the image2 plugin, an enhanced version of the editor's image plugin, is used. This...


Servers of the LimeSurvey service were attacked by hackers

Specialists from the company RIPS Technologies found a dangerous vulnerability in LimeSurvey, a popular service for organizing online surveys. The vulnerability allows arbitrary code to be run on web servers. LimeSurvey is a free, open source Internet application. According to SecurityWeek, it is downloaded about 10 thousand times a month. Users install the client on their server and interact with the system through the web interface. Two...


Thousands of hacked sites infect visitors' computers with malicious software

The other day it became known that hackers compromised several thousand different sites by placing malware on their servers. This was done in order to infect users' PCs when they visited the compromised websites. The campaign was carefully disguised and was carried out at least a few months ago. Most hacked sites are built on open source CMSs such as WordPress, Joomla and Squarespace. Information about the incident was...


Consumer cryptomining malware up 4,000% in the first quarter of 2018

Specialists at Malwarebytes published a report according to which the number of cryptojacking incidents in the first quarter of 2018 increased by 4000% compared to the same period last year. Ransomware attacks, by contrast, declined: their number decreased by 35%. The company presented an interesting infographic. For example, in the graph below you can estimate the number of malicious mining...


More than 1000 Magento websites were hacked

Bank card data was stolen, and miners were installed on the sites. Experts at Flashpoint reported that they found more than 1000 compromised sites running Magento. According to the company, the attackers not only steal the bank card data of these sites' users, but also infect the sites themselves with malicious scripts, including ones for cryptocurrency mining, or use the sites to store other malicious programs. Researchers explain that mass...