“Assume every unpatched website running Drupal 7 was compromised”

Content management system Drupal has issued a chilling public service announcement to website admins and internet users who might visit the hundreds of thousands of sites running its software.

Assume your Drupal 7 website is compromised unless you updated it to 7.32 before Oct 15th, 11pm UTC.



Private data leaks after being left on publicly accessible server – when will firms learn?

The personal details of 300,000 people (including social security numbers) were left in a publicly accessible folder, open to anybody on the Internet who knew how to perform a Google search.

Who needs to exploit a website vulnerability, or sloppy password security, when companies are this careless?

Read more in my article on the Tripwire State of Security blog.



Hackers target military, embassy and defense workers in Operation Pawn Storm

A group of organised hackers are targeting government, media and military organisations in the United States, Pakistan, and across Europe.

Always take care logging into your company’s email via the web…

Read more in my article on the Lumension Optimal Security blog.



Ouch! Security expert writes book about hackers, then his publisher is hacked

Brian Krebs’s upcoming book is bound to be brilliant because, well... frankly, everything Krebs does is brilliant.

But it’s kinda ironic that his publisher got hacked, with customers’ credit card details put at risk.

Read more in my article on the Hot for Security blog.
