{"id":6508,"date":"2014-11-03T10:31:55","date_gmt":"2014-11-03T15:31:55","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/?p=6508"},"modified":"2020-08-28T10:11:51","modified_gmt":"2020-08-28T08:11:51","slug":"talk_security_october_2014","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/talk_security_october_2014\/6508\/","title":{"rendered":"Talk Security: Drupal Sites Compromised in October"},"content":{"rendered":"<p>Brian Donohue and Chris Brook discuss late breaking news of an announcement from Drupal, warning customers that they should assume their sites have been compromised unless they installed an update from mid-October within hours of the release. This and more in the October edition of the Talk Security monthly news round-up podcast.<\/p>\n<p><iframe loading=\"lazy\" src=\"\/\/html5-player.libsyn.com\/embed\/episode\/id\/3153768\/height\/270\/width\/270\/theme\/standard\/direction\/no\/autoplay\/no\/autonext\/no\/thumbnail\/yes\/preload\/no\/no_addthis\/no\/\" frameborder=\"0\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" width=\"270px\" height=\"270px\"><\/iframe><\/p>\n<div class=\"podcast-subscribe\"><a data-omniture-download-button-type=\"TrialBuilds\" data-omniture-product-name=\"podcast-itunes\" class=\"itunes\" href=\"https:\/\/itunes.apple.com\/us\/podcast\/talk-security\/id909407206\" target=\"_blank\" rel=\"noopener nofollow\"><img decoding=\"async\" src=\"https:\/\/www.kaspersky.co.za\/blog\/wp-content\/plugins\/kaspersky-embeds\/img\/button-subscribe-apple.png\"><\/a><a data-omniture-download-button-type=\"TrialBuilds\" data-omniture-product-name=\"podcast-spotify\" class=\"spotify\" href=\"https:\/\/open.spotify.com\/show\/1VGCKlOoQ9C24dJiCHGTK5\" target=\"_blank\" rel=\"noopener nofollow\"><img decoding=\"async\" src=\"https:\/\/www.kaspersky.co.za\/blog\/wp-content\/plugins\/kaspersky-embeds\/img\/button-subscribe-spotify.png\"><\/a><a data-omniture-download-button-type=\"TrialBuilds\" data-omniture-product-name=\"podcast-rss\" class=\"rss\" href=\"http:\/\/talksecurity.kaspersky-podcasts.libsynpro.com\/rss\" target=\"_blank\" rel=\"noopener nofollow\"><img decoding=\"async\" src=\"https:\/\/www.kaspersky.co.za\/blog\/wp-content\/plugins\/kaspersky-embeds\/img\/button-subscribe-rss.png\"><\/a><\/div>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2014\/11\/06015633\/badge_itunes-lrg-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2014\/11\/06015633\/badge_itunes-lrg-1.png\" alt=\"rss-podcasts\" width=\"110\" height=\"40\"><\/a> <a href=\"http:\/\/talksecurity.kaspersky-podcasts.libsynpro.com\/rss\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full\" src=\"\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/103\/2014\/11\/06042137\/rss-podcasts1.png\" alt=\"rss-podcasts\" width=\"116\" height=\"40\"><\/a><\/p>\n<p><em>SUPPLEMENTARY READING LIST<\/em><\/p>\n<p>Follow the links in the text below if you\u2019re interested in exploring the podcast topics in greater depth.<strong>\u00a0<\/strong><\/p>\n<p><strong>Drupal<\/strong><\/p>\n<p>Handlers of the popular Drupal content management system announced late in October that attackers were exploiting a vulnerability patched in Drupal version seven on a massive scale. Drupal had fixed the bug earlier in the month, but sites that failed to install that patch within hours, they said, <a href=\"https:\/\/threatpost.com\/assume-every-drupal-7-site-was-compromised-unless-patched-by-oct-15\/109095\" target=\"_blank\" rel=\"noopener nofollow\">should operate under the assumption that they\u2019d been compromised<\/a>.<\/p>\n<p>In an attack that may or may not be related to Drupal, the website of <a href=\"https:\/\/threatpost.com\/popular-science-website-infected-serving-malware\/109089\" target=\"_blank\" rel=\"noopener nofollow\">Popular Science Magazine was found to be infected with malware<\/a> last week.<\/p>\n<blockquote class=\"twitter-pullquote\"><p>Talk Security Podcast: @TheBrianDonohue and @Threatpost\u2019s Chris Brook discuss October\u2019s #security and #privacy headlines<\/p><a href=\"https:\/\/twitter.com\/share?url=https%3A%2F%2Fkas.pr%2F743H&amp;text=Talk+Security+Podcast%3A+%40TheBrianDonohue+and+%40Threatpost%26%238217%3Bs+Chris+Brook+discuss+October%26%238217%3Bs+%23security+and+%23privacy+headlines\" class=\"btn btn-twhite\" data-lang=\"en\" data-count=\"0\" target=\"_blank\" rel=\"noopener nofollow\">Tweet<\/a><\/blockquote>\n<p><strong>Ransomware<\/strong><\/p>\n<p>It was discovered that some Yahoo subdomains hosted malicious advertisements that were infecting users with the infamous <a href=\"https:\/\/threatpost.com\/malvertising-campaign-on-yahoo-aol-triggers-cryptowall-infections\/108987\" target=\"_blank\" rel=\"noopener nofollow\">Cryptowall malware<\/a>. Microsoft issued a warning about a separate piece of ransomware called <a href=\"https:\/\/threatpost.com\/microsoft-warns-of-crowti-ransomware\/109075\" target=\"_blank\" rel=\"noopener nofollow\">Crowti<\/a>.<\/p>\n<p><strong>Data Breaches<\/strong><\/p>\n<p>This month\u2019s list of data breaches includes the investment banking giant <a href=\"https:\/\/threatpost.com\/76m-households-7m-businesses-impacted-in-jpmorgan-chase-breach\/108683\" target=\"_blank\" rel=\"noopener nofollow\">JP Morgan<\/a>, the office supply retailer <a href=\"https:\/\/threatpost.com\/staples-looking-into-potential-payment-card-breach\/108946\" target=\"_blank\" rel=\"noopener nofollow\">Staples<\/a> and the discount department store <a href=\"https:\/\/threatpost.com\/kmart-latest-retail-chain-to-disclose-payment-card-breach\/108829\" target=\"_blank\" rel=\"noopener nofollow\">K-Mart<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Drupal warns customers that they should assume their sites are compromised unless they installed an update from mid-October within hours of the release.<\/p>\n","protected":false},"author":42,"featured_media":6509,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5,2671],"tags":[314,36,485,43,97,1054],"class_list":{"0":"post-6508","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-special-projects","9":"tag-data-breach","10":"tag-malware-2","11":"tag-podcast","12":"tag-privacy","13":"tag-security-2","14":"tag-talk-security"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/talk_security_october_2014\/6508\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/talk_security_october_2014\/4311\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/talk_security_october_2014\/4236\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/talk_security_october_2014\/4756\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/talk_security_october_2014\/5006\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/talk_security_october_2014\/6508\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/talk_security_october_2014\/6508\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/data-breach\/","name":"data breach"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/6508","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/42"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=6508"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/6508\/revisions"}],"predecessor-version":[{"id":27856,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/6508\/revisions\/27856"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/6509"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=6508"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=6508"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=6508"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}