Stories
Slash Boxes
Comments

SoylentNews is people

Three Months Later, Mass Exploit of Powerful Web Servers Continues

posted by janrinok on Friday June 08 2018, @11:39PM   Printer-friendly
from the people-just-don't-care dept.

Arthur T Knackerbracket has found the following story:

More than 115,000 websites—many run by major universities, government organizations, and media companies—remained wide open to hacker takeovers because they hadn’t installed critical patches released 10 weeks ago, security researcher Troy Mursch said Monday. A separate researcher reported on Tuesday that many of the sites were already compromised and were being used to surreptitiously mine cryptocurrencies or push malware on unsuspecting visitors.

Infected pages included those belonging to the University of Southern California, Computer World’s Brazil site, and the Arkansas Judiciary’s Courts and Community Initiative, which were causing visitors’ computers to run resource-intensive code that mines cryptocurrency, Jérôme Segura, lead malware intelligence analyst at antivirus provider Malwarebytes, told Ars.

Segura said a Harvard University page that earlier was also infected with mining malware had since been defaced, presumably by a different party. Meanwhile, a Western Michigan University page that earlier was infected with code that pushed a malicious browser extension was later repaired. Segura reported his findings Tuesday and has indexed more than 900 infected sites here.

The lack of patching and the site takeovers that makes possible come after Drupal maintainers released an update in March that allowed hackers to remotely execute code of their choice. The severity of the vulnerability patched, combined with the ease in exploiting it, quickly earned the flaw the nickname Drupalgeddon2, a throwback to a similar 2014 Drupal vulnerability that came under mass exploit within hours of a patch being released. Drupal maintainers patched a separate code-execution vulnerability in April. The March and April vulnerability disclosures came with proof-of-concept exploits that provided a blueprint for malicious hackers to use. Almost immediately after the release of the April patch, the underlying vulnerability came under attack, but it so far has proven harder to successfully exploit.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Three Months Later, Mass Exploit of Powerful Web Servers Continues | Log In/Create an Account | Top | 4 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2, Funny) by realDonaldTrump on Saturday June 09 2018, @04:01AM

    by realDonaldTrump (6614) on Saturday June 09 2018, @04:01AM (#690667) Homepage Journal

    .....the Aristocrats.

    Starting Score:    1  point
    Moderation   +1  
       Funny=1, Total=1
    Extra 'Funny' Modifier   0  
    Total Score:   2