Drupalgeddon2

Vulnerability CVE-2018-7600 discovered in March by the Drupal CMS team, dubbed “Drupalgeddon2,” is being exploited by threat actors who are using the flaw to infect servers with backdoor scripts and cryptocurrency-mining software. In early April, a Russian security researcher published proof-of-concept (PoC) code for the vulnerability, sparking scans for vulnerable sites within hours of publication. Information security researchers have also reported that botnets controlled by criminal groups are exploiting the vulnerability. There are at least 3,300 Drupal-powered sites hosted in New Jersey. Site administrators are advised to ensure they are running patched version 7.58 or 8.5.1. The NJCCIC recommends all Drupal site owners and administrators review the Drupal Core highly critical public service announcement and follow the recovery instructions if necessary, review the previous NJCCIC advisory on Drupalgeddon2, and update their sites to the most recent patched version immediately.