Drupal will issue important security patches today, update your FoxIt PDF reader and why cyber criminals like blockchain.
We’re bringing you the latest cyber security news Welcome to Cyber Security Today. It’s Wednesday April 26th.
Content management software such as WordPress and Drupal are behind many news Web sites you read. Today Drupal is scheduled to release security updates for several versions of its platform to combat a very critical vulnerability dubbed “Drupalgeddon2.” This is a follow-on to security updates issued only four weeks ago. In an advisory the Drupal Security Team urges administrators to test and install the updates as soon as possible.
Drupal is favoured by a number of organizations because it is open source. It’s now on version 8.5.
The first huge so-called Drupalgeddon was found in 2014. The latest problems allow remote attackers without special roles or permissions to take complete control of Drupal sites. Starting in early April, large scale automated attacks against vulnerable sites were seen. Last week a large number of attacks were reported against vulnerable sites. Today’s patches need to be taken seriously.
Speaking of patches, there’s a new one available for FoxIt, the free alternative to the popular Adobe Acrobat Reader for reading PDFs. Last week researchers with Cisco System’s threat intelligence service revealed five bugs that could be exploited by an attacker. To its credit, FoxIt quickly released fixes for these and a bunch of other problems it found. So those of you who use FoxIt and FoxIt Phantom, a PDF editor, should go to the FoxIt web suite and update. Make sure you are now using version 9.1.
Finally, every software vendor is trying to take advantage of blockchain, the technology that supports digital currencies like Bitcoin. Well, where industry goes criminals are quick to follow. FireEye reports that cyber criminals are using blockchains to host their malicious content. That’s because they can register blockchain domains – web sites that end in DOT-BIT or DOT-BAZAR, just like people can register a DOT COM domain. Only blockchain domains are anonymous. That makes it hard for police to shut them down. FireEye says usage of blockchain domains for malicious infrastructure will continue to gain popularity among cyber criminals worldwide.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening.