Instruments for monitoring oil tanks manufactured by the German company Tecson revealed a dangerous vulnerability…
The issue affects Drupal versions 7.58 and earlier, versions 8.x to 8.3.9, versions 8.4.x to 8.4.6, and versions 8.5.x to 8.5.1. According to Drupal, at the time of its discovery, more than 1 million sites were vulnerable. The exploits for Drupalgeddon2 were developed almost immediately.
A patch for the vulnerability was released a year and a half ago, and webmasters were urged to install it as soon as possible.
However, according to Akamai, attackers still use Drupalgeddon2 to attack large sites.
“Critical vulnerabilities will be targeted, even if their public disclosure date is over a year old. When the vulnerability’s exploitation is simple, which is the case with Drupalgeddon2, attackers will automate the process of scanning, exploitation, and infection when there are poorly maintained and forgotten systems. This creates a problem for enterprise operations and web administrators, as these old forgotten installs are often connected to other critical systems – creating a pivot point on the network”, — writes Larry Cashdollar from Akamai.
Cybercriminals exploit the vulnerability with a malicious index.inc.gif GIF file, which is stored on a Brazilian body-surfing site, which was most likely hacked.
Read also: Muhstik Ransomware was hacked. Free keys for 2858 Muhstik victims.
Image contains obfuscated PHP code and archived malware encrypted with base64. The malware is a Perl script that connects to the C&C infrastructure via IRC, has the functions of a remote access Trojan (RAT) and allows for (D) DoS attacks.
Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…
Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…
Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…
Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…
News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…
Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…