A new wave of attacks has been discovered on Drupal-based content management systems that weren't patched for the older flaw.

Dark Reading Staff, Dark Reading

October 8, 2019

1 Min Read

A vulnerability that's been patched is still a vulnerability if patches haven't been applied. And unpatched vulnerabilities are catnip to criminals. That's the case with Drupalgeddon2 (CVE-2018-7600), a critical vulnerability in CMS platform Drupal that was discovered and patched in 2018: new research show it's still being attacked and exploited today.

According to Larry Cashdollar, lead security researcher at Akamai, attackers are embedding obfuscated exploit code in .gif files. If executed, the code uses IRC (Internet Relay Chat) channels to contact a command and control server and then execute any of a variety of RAT, credential skimming, or DDoS payloads.

The attacks, so far, do not seem to target any particular industry or market segment, instead probing a range of high-profile websites. "When the vulnerability's exploitation is simple, which is the case with Drupalgeddon2, attackers will automate the process of scanning, exploitation, and infection when there are poorly maintained and forgotten systems," Cashdollar wrote in a post about his findings. These systems are often forgotten or neglected but connected to critical systems that can then be attacked at the criminal's leisure, he said.

For more, read here.

Edgepromohorizontal.jpgCheck out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "Rethinking Cybersecurity Hiring: Dumping Resumes & Other 'Garbage.'"

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights