Advertisement
Top

Drupal sites at risk due to insecure update mechanism

January 8, 2016

Via: CSO Online
Category:

The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.

Researcher Fernando Arnaboldi from security firm IOActive noticed that Drupal will not inform administrators that an update check has failed, for example due to inability to access the update server.

Read More on CSO Online

RELATED PUBLICATIONS

US water facility OT infrastructure is under attack again
Network specialist debuts free tool that promises to solve VPN and ZTNA connectivity issues for good
Passwords under seven characters can be easily cracked

Latest Publications

Chinese government website security is often worryingly bad, say Chinese researchers
Indonesia sneakily buys spyware, claims Amnesty International
97% of security leaders have increased SaaS security budgets
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!