It’s cyber security month and, almost like it knew, the internet decided to throw a few scares at us this week. Yesterday we talked about the SandWorm bug and Poodle flaw; today we’ve got a vulnerability in Drupal. They may not have come up with a cool name for it yet, but this is another one that you’ll want to be rolling out the big guns for, and even if you’re not affected, it’s a great time to make sure you’re secure!
To set the scene a bit, Drupal is a popular CMS (content management system – similar kinda thing to WordPress) and its security team has reported a “highly critical” SQL vulnerability in version 7. Seeing as Drupal claims to have 932,851 installations of version 7, that’s a lot of people who should be getting their update on right about now!
But fear not – security release Drupal 7.32 includes a fix for the vulnerability (you can use CVE-2014-3704 to identify it), and the Drupal team is suggesting that Drupal 7 admins update their sites ASAP.
The guys who found the bug during a source code audit have said: “With this bug an attacker can gain full control over all Drupal sites (Admin privileges), without knowledge of internals or authentication on the site. He can even execute PHP Code without leaving a trace in any log.”
When the vulnerability was disclosed, no exploits were known to be loose in the wild; and they’re saying you should update rather than patch, but a patch is available and will tide you over until you can update.
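If you look after more than one site, a quick inventory tells you where to update first. The Python below is an added example, not code from the Drupal project or from this post; it relies on Drupal 7 core declaring its version in includes/bootstrap.inc as define('VERSION', '...') (a detail the post does not state), and the function names and sample sites are made up for illustration.

```python
import re
import tempfile
from pathlib import Path

FIXED = (7, 32)  # Drupal 7.32 is the release carrying the fix for CVE-2014-3704
# Assumption: Drupal 7 core declares its version like this in includes/bootstrap.inc
VERSION_RE = re.compile(r"define\(\s*'VERSION'\s*,\s*'([^']+)'\s*\)")

def classify(bootstrap_text):
    """Return (status, version) for the contents of one includes/bootstrap.inc."""
    found = VERSION_RE.search(bootstrap_text)
    if not found:
        return ("unknown", None)              # file exists but is not Drupal 7 core
    version = found.group(1)
    parts = re.fullmatch(r"(\d+)\.(\d+)(-\w+)?", version)
    if not parts or int(parts.group(1)) != 7:
        return ("unknown", version)           # unparseable or not a 7.x release
    release = (7, int(parts.group(2)))
    if release < FIXED:
        return ("update-needed", version)
    if release == FIXED and parts.group(3):
        return ("verify", version)            # e.g. 7.32-dev: snapshot, not the release
    return ("fixed", version)

def scan(webroot):
    """Map every Drupal docroot found under webroot to its (status, version)."""
    results = {}
    for inc in Path(webroot).glob("**/includes/bootstrap.inc"):
        site = inc.parent.parent.relative_to(webroot)
        results[str(site)] = classify(inc.read_text(errors="replace"))
    return results

def demo():
    """Build a constructed sample tree (hypothetical sites) and scan it."""
    samples = {"shop": "define('VERSION', '7.31');",
               "blog": "define('VERSION', '7.32');",
               "staging": "define('VERSION', '7.32-dev');",
               "other": "// unrelated file with the same name"}
    with tempfile.TemporaryDirectory() as root:
        for site, line in samples.items():
            inc_dir = Path(root, site, "includes")
            inc_dir.mkdir(parents=True)
            (inc_dir / "bootstrap.inc").write_text("<?php\n" + line + "\n")
        return scan(root)

if __name__ == "__main__":
    for site, (status, version) in sorted(demo().items()):
        print(f"{site:10} {str(version):10} {status}")
```

A site that only received the stop-gap patch still reports its old version number, so treat update-needed as a prompt to check the site and then move it to 7.32.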
More generally, it’s important to look after your CMS, and this is a good time to take stock of your systems. The most important baseline is to make sure you’re running the latest available security patches, and to sign up to any relevant security bulletin mailing lists to get the latest info on flaws and updates for your system. If you’re concerned or don’t feel like you have the techie knowledge (nothing to be ashamed of – it’s complicated stuff!) then get backend maintenance support from someone like a server admin or web developer. And they always say the best defense is a good offense, so be proactive – things like pen testing and having good safety solutions in place are never a bad thing!
If you’ve got any questions about the security solutions at UKFast, take a look at our website or give us a call on 0800 045 4945.