Evolution of Conditional Spam Targeting Drupal Sites
Cesar Anjos Last year we took a look at how attackers were infecting Drupal installations to spread their spam and keep their campaigns going by just including…
Browsing Category
Drupal Security
24 posts
Hacked Website Report – 2016/Q3
Daniel Cid Today we are proud to release our quarterly Hacked Website Report for 2016/Q3. This report is based on data collected and analyzed by the Sucuri…
Spotlight: How Softwear Systems Provides Drupal Security
Alycia Mitchell In the early 1980’s Softwear Systems opened up as a custom software company in Chicago. Over the years, its founder Mitch Meyers, learned how to…
Hacked Website Report – 2016/Q2
Today we’re releasing our quarterly Hacked Website Report for 2016/Q2. The data in this report is based on compromised websites we worked on, with insights…
Drupal SQLi (Drupalgeddon) Attack Trend CVE-2014-3704 / SA-CORE-2014-005
It has been over 19 months since Drupalgeddon, which refers to Drupal’s Security Advisory (SA) SA-CORE-2014-005. For those unfamiliar with it, it was a highly…
Finding Conditional Drupal Database Spam
Fioravante Souza Nobody likes spam. It’s never fun (unless you’re watching Monty Python). For us it comes with the territory; removing SEO spam has been at the…
The Psychology Behind Why Websites Get Hacked
Joseph Herbrandson It’s an everyday conversation for security professionals that interact with new customers. The one where we have to explain that just because everything seems fine,…
Drupal Warns – Every Drupal 7 Website Compromised Unless Patched
The Drupal team released an update to a critical SQL Injection vulnerability a few weeks ago and urged all their users to update or patch…
Drupal SQL Injection Attempts in the Wild
Update (2014/10/29): The Drupal team just released a Public Service Announcement, confirming what we are seeing (mass compromise of Drupal sites). We’ve released a new…
Highly Critical SQL Injection Vulnerability Patched in Drupal Core
The Drupal team just released a security update for Drupal 7.x to address a highly critical SQL injection vulnerability. This bug can be exploited remotely…
WordPress and Drupal Core Denial Of Service Vulnerability – Moderately Critical
David Dede Both WordPress and Drupal are affected by a DoS (denial of service) vulnerability on the PHP XML parser used by their XMLRPC implementations. The issue…