Drupal released a security advisory on 10-15 (SA-CORE-2014-005). This vulnerability allows an attacker to send requests to a server that result in SQL injection. Within hours of the announcement they began seeing automated attacks compromising Drupal 7 websites. If you know anyone running Drupal 7 please make sure they are aware of this issue. If you think your site may be compromised please contact OUIT Security. Kind Regards, -Chad Chad Bailey Information Security Analyst OU Information Technology 405.325.4904 | http://www.ou.edu/ouit From: US-CERT <[log in to unmask]<mailto:[log in to unmask]>> Reply-To: "[log in to unmask]<mailto:[log in to unmask]>" <[log in to unmask]<mailto:[log in to unmask]>> Date: Wednesday, October 29, 2014 at 8:10 PM To: Chad Bailey <[log in to unmask]<mailto:[log in to unmask]>> Subject: Drupal Releases Public Service Announcement [NCCIC / US-CERT] National Cyber Awareness System: Drupal Releases Public Service Announcement<https://www.us-cert.gov/ncas/current-activity/2014/10/29/Drupal-Releases-Public-Service-Announcement> 10/29/2014 08:14 PM EDT Original release date: October 29, 2014 Drupal released a public service announcement to address active exploitations of a previously patched vulnerability found in Drupal core 7.x versions prior to 7.32. US-CERT advises users and administrators to review Drupal's Public Service announcement <https://www.drupal.org/PSA-2014-003> and apply the necessary updates or workarounds. ________________________________ This product is provided subject to this Notification<http://www.us-cert.gov/privacy/notification> and this Privacy & Use<http://www.us-cert.gov/privacy/> policy. ________________________________ OTHER RESOURCES: Contact Us<http://www.us-cert.gov/contact-us/> | Security Publications<http://www.us-cert.gov/security-publications> | Alerts and Tips<http://www.us-cert.gov/ncas> | Related Resources<http://www.us-cert.gov/related-resources> STAY CONNECTED: [Sign up for email updates]<http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new> SUBSCRIBER SERVICES: Manage Preferences<http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true> | Unsubscribe<https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.3a2e9254b755e1fd8bca03ddbd755013&[log in to unmask]> | Help<https://subscriberhelp.govdelivery.com/> ________________________________ This email was sent to [log in to unmask]<mailto:[log in to unmask]> using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 [Powered by GovDelivery] <http://www.govdelivery.com/portals/powered-by> ######################################################################## To unsubscribe from the CAMPUSDEV-L list, click the following link: &*TICKET_URL(CAMPUSDEV-L,SIGNOFF);