Drupal released a security advisory on 10-15 (SA-CORE-2014-005). This vulnerability allows an attacker to send requests to a server that result in SQL injection. Within hours of the announcement they began seeing automated attacks compromising Drupal 7 websites. If you know anyone running Drupal 7 please make sure they are aware of this issue. If you think your site may be compromised please contact OUIT Security. 

Kind Regards,
-Chad

Chad Bailey

Information Security Analyst

OU Information Technology

 
405.325.4904 | http://www.ou.edu/ouit


From: US-CERT <[log in to unmask]>
Reply-To: "[log in to unmask]" <[log in to unmask]>
Date: Wednesday, October 29, 2014 at 8:10 PM
To: Chad Bailey <[log in to unmask]>
Subject: Drupal Releases Public Service Announcement

Drupal Releases Public Service Announcement

NCCIC / US-CERT

National Cyber Awareness System:

Drupal Releases Public Service Announcement
10/29/2014 08:14 PM EDT

Original release date: October 29, 2014

Drupal released a public service announcement to address active exploitations of a previously patched vulnerability found in Drupal core 7.x versions prior to 7.32.

US-CERT advises users and administrators to review Drupal's Public Service announcement and apply the necessary updates or workarounds.

 

 

This product is provided subject to this Notification and this Privacy & Use policy.

This email was sent to [log in to unmask] using GovDelivery, on behalf of: United States Computer Emergency Readiness Team (US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110 Powered by GovDelivery

To unsubscribe from the CAMPUSDEV-L list, click the following link:
&*TICKET_URL(CAMPUSDEV-L,SIGNOFF);