Brian Donohue and Chris Brook discuss late-breaking news of an announcement from Drupal, warning customers that they should assume their sites have been compromised unless they installed an update from mid-October within hours of the release. This and more in the October edition of the Talk Security monthly news round-up podcast.
SUPPLEMENTARY READING LIST
Follow the links in the text below if you’re interested in exploring the podcast topics in greater depth.
Handlers of the popular Drupal content management system announced late in October that attackers were exploiting a vulnerability patched in Drupal version seven on a massive scale. Drupal had fixed the bug earlier in the month, but sites that failed to install that patch within hours, they said, should operate under the assumption that they’d been compromised.
In an attack that may or may not be related to Drupal, the website of Popular Science Magazine was found to be infected with malware last week.
It was discovered that some Yahoo subdomains hosted malicious advertisements that were infecting users with the infamous Cryptowall malware. Microsoft issued a warning about a separate piece of ransomware called Crowti.
This month’s list of data breaches includes the investment banking giant JP Morgan, the office supply retailer Staples and the discount department store K-Mart.