Cyber security news for all

More

    A security vulnerability in Drupal lets admin accounts vulnerable

    Website admins who created their pages with the Drupal 7 content management system should install a security update as soon as possible. Otherwise, attackers could redirect visitors to a website they created. Criminal attackers who can use the library to create content for a vulnerable website could also use the vulnerability to attack admin accounts.

    The Creators Are Already Recommending That Operators Consider The Update To A New Version

    In a security warning, the Drupal developers classify the attack risk from the vulnerability as moderately critical. A CVE number to identify the vulnerability has obviously not yet been assigned. It is an open redirect vulnerability that only affects Drupal 7. If an attack is successful, attackers could lure victims to a website they control. This could happen due to an insufficient check of the destination query parameter.

    Depending on the complexity of a project, a major update from Drupal means a lot of effort. Above all, extensive changes to individual modules were required in the past in order to make them executable under a new version. However, if you are now planning to update from version 7 to 8, version 9 should not be too expensive.

    Drupal update is expected to be released before version 7 support ends in 2020. However, the last iteration of the 8 version and the first of the ninth should be relatively identical, only outdated code should be removed and dependencies should be updated. Users who still want or need to use Drupal in version 7 after 2021 can rely on a paid support program, which was already available during the transition from version 6 to 7, which brought major cuts. However, the minimum requirement for the version is increased to 7.1. There should also be a version of Drupal 7 that supports PHP 7.3, which is still supported until December 2021.

    Recent Articles

    Unauthorized access at Scalable Capital

    There has apparently been unauthorized access to individual data at Scalable Capital. The company informed its customers about the incident by mail yesterday, referring...

    The US accuses Russian officers of being in charge for cyber attacks

    The US government has brought charges against Russians who are alleged to have been involved in various cyber attacks as officers of the military...

    Twitter changed its rules for dealing with hacked data

    On Friday night, access to Twitter was disconnected for about two hours. The Chief Engineer announced that the reason was a rebuild in the...

    Norway sees Russia as the perpetrator of the cyber attack

    "It is important that our government refuses to send the Russians a clear sign that we do not know," said the Norway government. According...

    Phishing mail with an incorrect form for Corona bridging aid

    The representation of the European Commission warned of a phishing attempt targeting small and medium sized enterprises. Under the pretext for corona bridging aid,...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox