Announcements

RIG Exploit Kit Used in Drupal CMS Exploit Incidents

  • 5th November 2014
The public disclosure of a critical SQL injection vulnerability affecting all builds of Drupal 7, save for the last one, gave way to increased cybercriminal activity leveraging the RIG Exploit Kit to compromise website visitors through drive-by download attacks. The bad actors would rely on a simple redirect method via an iframe injected into the ...
Continue reading

Attackers Abuse UPnP Devices in DDoS Attacks, Akamai Warns

  • 18th October 2014
Researchers at Akamai Technologies have issued a warning about a spate of distributed denial-of-service attacks being launched via Universal Plug and Play (UPnP) devices.   According to Akamai's Prolexic Security Engineering & Response Team (PLXsert), there has been a spike in reflection and amplification distributed ...
Continue reading

Drupal Fixes Highly Critical SQL Injection Flaw

  • 17th October 2014
Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution. The flaw lies in an API that is specifically designed to help prevent against SQL injection attacks. “Drupal 7 includes a database abstraction API to ensure that queries executed against the ...
Continue reading

Joomla Re-Issues Security Update After Patches Glitch

  • 1st October 2014
Users of the Joomla content management system have been on a patching roller coaster the past 24 hours with one set of patches for critical vulnerabilities being pulled last night before being re-issued today. The Joomla update, bringing the CMS up to version 3.3.6, is a security update addressing a high priority remote file inclusion ...
Continue reading