A critical vulnerability is not the end of the world if the issue is addressed properly. This is what the security team at Drupal – a Content Management System (CMS) did. 2 weeks ago, they identified a serious Drupalgeddon2 security vulnerability. However, before this information was leaked to the Internet, a relevant patch had already been developed and made available.
Attack the unprepared
On April 11, Check Point and Dofinity experts published complete information on Drupalgeddon2 (designated as CVE-2018-7600). A PoC (proof-of-concept) for the code exploiting the vulnerability was developed based on this data. The material was posted on GitHub.
How to protect Drupal CMS?
Most importantly – immediately update the CMS to Drupal 7.58 or 8.5.1. An update for an older version, i.e., 6 (for which the support ended in February 2016) was also developed. Because, as history shows, it is only a matter of time until we experience a pioneer attack on websites utilizing this technology.
Source: The Hacker News
—
Do you need cybersecurity solutions for your company – then contact us.
