return icon Vietnamnet.vn
News
03/11/2014   14:00 (GMT+07:00)

Millions of websites hit by Drupal hack attack

 Up to 12 million websites may have been compromised by attackers who took advantage of a bug in the widely used Drupal software.

Up to 12 million websites may have been compromised by attackers who took advantage of a bug in the widely used Drupal software.

{keywords}

Millions of sites are managed and updated using Drupal

 

The sites use Drupal to manage web content and images, text and video.

Drupal has issued a security warning saying users who did not apply a patch for a recently discovered bug should "assume" they have been hacked.

It said automated attacks took advantage of the bug and can let attackers take control of a site.

'Shocking' statement

In its "highly critical" announcement, Drupal's security team said anyone who did not take action within seven hours of the bug being discovered on 15 October should "should proceed under the assumption" that their site was compromised.

Anyone who had not yet updated should do so immediately, it warned.

However, the team added, simply applying this update might not remove any back doors that attackers have managed to insert after they got access. Sites should begin investigations to see if attackers had got away with data, said the warning.

"Attackers may have copied all data out of your site and could use it maliciously," said the notice. "There may be no trace of the attack." It also provided a link to advice that would help sites recover from being compromised.

Mark Stockley, an analyst at security firm Sophos, said the warning was "shocking".

The bug in version 7 of the Drupal software put attackers in a privileged position, he wrote. Their access could be used to take control of a server or seed a site with malware to trap visitors, he said.

He estimated that up to 5.1% of the billion or so sites on the web use Drupal 7 to manage their content, meaning the number of sites needing patching could be as high as 12 million.

Drupal should no longer rely on users to apply patches, said Mr Stockley.

"Many site owners will never have received the announcement and many that did will have been asleep," he said. "What Drupal badly needs but doesn't have is an automatic updater that rolls out security updates by default."

Source: BBC

MORE NEWS

Experts warn Vietnamese banks of risks following US banks’ collapse
Vietnamnet global

Experts warn Vietnamese banks of risks following US banks’ collapse

If bond issuers fall into insolvency, the price of bonds could fall to zero, creating a high risk for banks.
Hanoi to resume tourism services on West Lake
Vietnamnet global

Hanoi to resume tourism services on West Lake

Hanoi may resume 12 tourism services on the West Lake including boat transportation, after six years of suspension.
Car imports from Thailand still hold largest market share in Vietnam
Vietnamnet global

Car imports from Thailand still hold largest market share in Vietnam

Thailand once again led the market in terms of value and the number of CBU (complete built unit) cars imported to Vietnam in February 2023.
Deputy PM holds bilateral meetings on sidelines of UN 2023 Water Conference
Vietnamnet global

Deputy PM holds bilateral meetings on sidelines of UN 2023 Water Conference

Deputy Prime Minister Tran Hong Ha had bilateral meetings with many foreign leaders on the sidelines of the UN 2023 Water Conference, which is taking place in New York from March 22-24.
Vietnam temporarily suspends import, circulation of 15 types of medicines
Vietnamnet global

Vietnam temporarily suspends import, circulation of 15 types of medicines

The Drug Administration of Vietnam (DAV) under the Ministry of Health (MoH) has just issued an official dispatch on suspending the import, distribution, circulation and use of 15 types of medicines produced by Arena Group S.A. of Romania.
EVN urged to negotiate with renewable energy investors to fix electricity price
Vietnamnet global

EVN urged to negotiate with renewable energy investors to fix electricity price

The Ministry of Industry and Trade has urged the Electricity of Vietnam (EVN) and investors of transitional solar and wind plants to negotiate and agree to fix electricity prices before March 31.
Two arrested in 11kg drug transport from France to HCM City case
Vietnamnet global

Two arrested in 11kg drug transport from France to HCM City case

The Ho Chi Minh City Department of Public Security has just arrested two people involved in the case of transporting over 11 kilograms of narcotics and ecstasy from France to Tan Son Nhat International Airport, Vietnam.
VIETNAM NEWS HEADLINES MARCH 23/2023
Vietnamnet global

VIETNAM NEWS HEADLINES MARCH 23/2023

Renowned Vietnamese artists collaborate on unique porcelain artworks
VIETNAM BUSINESS NEWS MARCH 23/2023
Vietnamnet global

VIETNAM BUSINESS NEWS MARCH 23/2023

Dragon fruit export turnover reaches 47 million USD
Boxer beats Spainish rival to advance to World Championship’s semifinals
Vietnamnet global

Boxer beats Spainish rival to advance to World Championship’s semifinals

Vietnamese boxer Nguyen Thi Tam trounced Spanish rival Laura Fuertes 5-0 in the women's light flyweight category to advance to the semifinals of the IBA Women’s World Boxing Championships in New Delhi.
Ministry of Health warns of possible outbreaks of dangerous diseases
Vietnamnet global

Ministry of Health warns of possible outbreaks of dangerous diseases

In its yesterday’s official dispatch to people's committees of provinces and cities on organizing the implementation of the 2023 epidemic prevention plan, the Ministry of Health warned of possible outbreaks of dangerous diseases.
Another enterprise issues bonds, real estate bonds increase in value
Vietnamnet global

Another enterprise issues bonds, real estate bonds increase in value

A real estate firm has successfully raised funds by issuing VND4.7 trillion worth of corporate bonds. Just days before, another real estate firm also successfully issued VND2.3 trillion worth of bonds.
Stock market violations to face stricter sanctions
Vietnamnet global

Stock market violations to face stricter sanctions

The State Securities Commission (SSC) will review the Law on Securities and related decrees to complete the legal framework, and strengthen sanctions for violations to protect the legitimate rights and interests of investors.
Association calls for pilot implementation of battery-powered taxis
Vietnamnet global

Association calls for pilot implementation of battery-powered taxis

The Hanoi Taxi Association is urging for the pilot implementation of battery-powered cabs to reduce environmental impact and stay abreast of global trends.
Vietnam strives to eliminate malaria once and for all
Vietnamnet global

Vietnam strives to eliminate malaria once and for all

The Ministry of Health has announced plans to review, amend, and supplement professional guidelines to ensure nationwide implementation and assess the National Strategy for Malaria Prevention, Control, and Elimination by 2020.
back_to_top