Security Affairs

OCTOBER 19, 2018

The Drupal development team has patched s everal vulnerabilities in version 7 and 8 of the popular CMS, including RCE flaws. ” reads the security advisory. Security Affairs – Drupal, hacking ). The post Drupal dev team fixed Remote Code Execution flaws in the popular CMS appeared first on Security Affairs.

CMS 264

CMS Access Risk Security 264

Security Affairs

APRIL 18, 2019

The developers of the Symfony PHP web application framework released updates that patch five vulnerabilities, three affecting the Drupal CMS. The development team of the Symfony PHP web application framework released security updates for five issues, three of which also affects Drupal 7 and 8. extend ( ) function.”

CMS 262

CMS Security IT 262

Security Affairs

SEPTEMBER 17, 2020

Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) flaws in the popular content management system (CMS). Drupal maintainers addressed several information disclosure and cross-site scripting (XSS) vulnerabilities in the popular content management system (CMS). ” reads the advisory.

CMS 361

CMS Metadata Access Security 361

Security Affairs

JANUARY 13, 2025

Stealthy credit card skimmer targets WordPress e-commerce sites, injecting malicious JavaScript into CMS database tables to evade detection. Sucuri researchers warn of a stealthy credit card skimmer campaign targeting WordPress e-commerce sites by injecting malicious JavaScript into CMS database tables.

CMS 166

CMS Encryption IT Information Security 166

Security Affairs

JUNE 30, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 321

Security CMS Ransomware Data breaches 321

Security Affairs

NOVEMBER 27, 2019

Adobe discloses security breach impacting Magento Marketplace users. Adobe discloses a security breach that affected the users of the Magento marketplace website, the incident was discovered last week. The Magento Marketplace is a website for buying and downloading themes and plugins for e-stores running the Magento CMS.

CMS 347

CMS Data breaches Passwords Access 347

Security Affairs

DECEMBER 1, 2021

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries. Pierluigi Paganini.

Libraries 351

Libraries Security CMS Communications 351

Security Affairs

OCTOBER 26, 2020

Security experts spotted a new botnet, tracked as KashmirBlack botnet, that likely infected hundreds of thousands of websites since November 2019. KashmirBlack scans the internet for sites using vulnerable CMS versions and attempting to exploit known vulnerabilities to them and take over the underlying server. Pierluigi Paganini.

CMS 318

CMS Mining Communications Security 318

Security Affairs

FEBRUARY 23, 2025

Every week the best security articles from Security Affairs are free in your email box. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog Atlassian fixed critical flaws in Confluence and Crowd Salt Typhoon used custom malware JumbledPath to spy U.S. Lazarus APT stole $1.5B

Security 166

Security CMS Phishing Encryption 166

Security Affairs

DECEMBER 16, 2020

“A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. ” reads the security advisory. mxtool -r -f toolsmulti-cms-search.xml 1>nul 2>nul. mxtool -r -f toolsmulti-cms-search.xml 1>nul 2>nul. Pierluigi Paganini.

CMS 356

CMS Security IT Access 356

Security Affairs

MAY 12, 2020

Maintainers of the vBulletin project have released an important fix to address a security vulnerability tracked as CVE-2020-12720. Administrators of online discussion forums based on the popular vBulletin CMS urge to update their install to address a critical security vulnerability tracked as CVE-2020-12720. before 5.6.1pl1.

CMS 342

CMS Security Access IT 342

Data Breach Today

JUNE 30, 2021

CMS Says It's Considering New Cybersecurity Requirements The Centers for Medicare and Medicaid Services is considering new cybersecurity requirements for hospitals participating in Medicare after a watchdog agency recommended CMS should require the facilities to address the cybersecurity of their networked medical devices.

CMS 238

CMS Cybersecurity Security IT 238

Security Affairs

APRIL 5, 2024

Adobe addressed the issue with the Patch Tuesday security updates for February 2024. In this case, the command is sed, which adds a backdoor to the (automatically generated) CMS controller.” . “Adobe Commerce versions 2.4.6-p3, Exploitation of this issue does not require user interaction.” ” reads the advisory.

CMS 340

CMS Security IT Information Security 340

Security Affairs

JANUARY 22, 2021

Drupal development team released security updates to address a vulnerability that resides in the PEAR Archive_Tar third-party library. The Drupal development team has released security updates to address the CVE-2020-36193 vulnerability in the PEAR Archive_Tar third-party library. and 7 of the popular CMS. bz2, or.tlz files.

Libraries 318

Libraries CMS Security IT 318

Security Affairs

FEBRUARY 22, 2024

Joomla maintainers have addressed multiple vulnerabilities in the popular content management system (CMS) that can lead to execute arbitrary code. The impact of these flaws can be widespread because roughly 2% of all websites use Joomla, millions of websites worldwide use this CMS. The maintainers of the Joomla!

CMS 343

CMS Access Cybersecurity Risk 343

Security Affairs

MARCH 29, 2019

Administrators of Magento e-commerce websites have to update their installations due to the presence of a critical SQL injection vulnerability in the popular CMS. This week Magento released new versions of to address a total of 37 security vulnerabilities. ” reads the security advisory published by Magento. prior to 2.1.17

CMS 264

CMS Passwords Authentication Security 264

Security Affairs

FEBRUARY 21, 2019

Security expert found a “highly critical” vulnerability (CVE-2019-6340) in the popular Drupal CMS that could be exploited for remote code execution. Drupal released security updates that addresses a “highly critical” vulnerability in the popular Drupal CMS, tracked as CVE-2019-6340, that could be exploited for remote code execution.

CMS 275

CMS Security IT 275

Security Affairs

JUNE 5, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Million Alert! Pierluigi Paganini.

Security 265

Security CMS Ransomware Cybersecurity 265

Security Affairs

JULY 31, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Security Affairs newsletter Round 375 by Pierluigi Paganini A database containing data of 5.4 and Blackmatter ransomware U.S. and Blackmatter ransomware U.S.

Security 246

Security CMS MDM Ransomware 246

Security Affairs

NOVEMBER 19, 2020

Drupal development team has released security updates to address a remote code execution flaw, tracked as CVE-2020-13671. The Drupal development team has released security updates to fix a remote code execution vulnerability related caused by the failure to properly sanitize the names of uploaded files. Pierluigi Paganini.

CMS 311

CMS Libraries Security Information Security 311

Security Affairs

SEPTEMBER 1, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 300

Security CMS Phishing Ransomware 300

Security Affairs

JUNE 17, 2022

China-linked threat actors exploited the zero-day flaw CVE-2022-1040 in Sophos Firewall weeks before it was fixed by the security vendor. The vulnerability was exploited by the Chinese attackers to drop a webshell into the target systems weeks before it was fixed by the security vendor. and impacts Sophos Firewall versions 18.5

CMS 362

CMS IT Authentication Access 362

Security Affairs

OCTOBER 3, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog in July 2024. The typical attack strategy is to steal your secret crypt key from app/etc/env.php and use that to modify your CMS blocks via the Magento API. ” reads the advisory published by Sansec.

CMS 343

CMS Passwords Cybersecurity IT 343

Security Affairs

DECEMBER 14, 2022

. “Although this malware is still a work in progress, the fact that it has a fully functional WordPress brute forcer combined with its anti-bot evasion techniques makes it a threat to watch for—especially with the immense popularity of the WordPress CMS, which powers millions of websites globally.” ” concludes the report.

CMS 356

CMS Encryption Risk Passwords 356

Security Affairs

DECEMBER 14, 2018

of the popular CMS, that addresses several flaws. The Researcher Tim Coen discovered several cross-site scripting (XSS) vulnerabilities in the CMS. Karim El Ouerghemmi discovered that security issues allows authors to alter metadata and delete files that they normally would not be authorized to delete. and older releases.

CMS 272

CMS Metadata Passwords Security 272

Security Affairs

MAY 13, 2024

In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by spreading fake news content on compromised news websites. According to FireEye, the campaign tracked as GhostWriter, has been ongoing since at least March 2017 and is aligned with Russian security interests.

CMS 355

CMS Military Archiving Security 355

Security Affairs

JULY 19, 2020

A Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing. This time they have exploited the issue to gain access to the [link] domain and deface it. ” the hackers told me.

CMS 288

CMS Military Access Government 288

Security Affairs

JUNE 18, 2020

Drupal released security updates to patch several security issues, including a flaw that could allow an attacker to execute arbitrary PHP code. SecurityAffairs – hacking, CMS). The post Drupal addresses critical code execution vulnerability appeared first on Security Affairs. Pierluigi Paganini.

CMS 325

CMS Security Access IT 325

Security Affairs

OCTOBER 21, 2018

The best news of the week with Security Affairs. Security Affairs – Newsletter ). The post Security Affairs newsletter Round 185 – News of the week appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! 20% discount. Kindle Edition. Paper Copy. Pierluigi Paganini.

Security 241

Security CMS Ransomware Paper 241

Security Affairs

JANUARY 17, 2019

Drupal released security updates for Drupal 7, 8.5 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. ” reads the security advisory. ” reads the security advisory. ” reads the security advisory. or PHP 5.3.0-5.3.2) Drupal 8.6.6,

CMS 261

CMS Libraries Security Access 261

Security Affairs

JANUARY 23, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) this week added seventeen actively exploited vulnerabilities to the Catalog. CVE Number CVE Title Required Action Due Date CVE-2021-32648 October CMS Improper Authentication 2/1/2022 CVE-2021-21315 System Information Library for node.js Pierluigi Paganini.

CMS 292

CMS IT Authentication Libraries 292

Security Affairs

AUGUST 23, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 278 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! users Thousands of WordPress WooCommerce stores potentially exposed to hack.

Security 199

Security CMS Data breaches Ransomware 199

Security Affairs

JANUARY 14, 2022

According to journalist Kim Zetter, attackers apparently exploited a vulnerability in the October CMS tracked as CVE-2021-32648 , a news later confirmed by the national CERT. The post Threat actors defaced Ukrainian government websites appeared first on Security Affairs. Follow me on Twitter: @securityaffairs and Facebook.

Government 292

Government CMS Personal data Education 292

Security Affairs

DECEMBER 13, 2021

Cybersecurity and Infrastructure Security Agency (CISA) added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog , including recently disclosed Apache Log4Shell Log4j and Fortinet FortiOS flaws. The post CISA adds Log4Shell Log4j flaw to the Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

CMS 288

CMS Authentication Libraries Risk 288

Security Affairs

AUGUST 27, 2024

The WPML Multilingual CMS Plugin for WordPress is installed on over 1 million sites. This case serves as a reminder that security is a continuous process, requiring vigilance at every stage of development and data processing.” ” continues stealthcopter. The flaw affects plugin versions prior 4.6.13

CMS 315

CMS Authentication Security IT 315

Security Affairs

JULY 23, 2024

Security researchers from Sucuri observed threat actors using swap files in compromised Magento websites to conceal a persistent software skimmer and harvest payment information. ” The abuse of the swap file system by attackers underscores the necessity of deeper security measures beyond basic scans.

Cleanup 336

Cleanup CMS File names Analytics 336

Data Breach Today

MARCH 9, 2020

ONC, CMS Rules Aim to Provide Patients with Secure Access to Health Data The Department of Health and Human Services Monday released its long-awaited interoperability and information blocking final rules.

CMS 222

CMS Access Security IT 222