Users of Drupal, one of the most popular content management systems, should consider their sites compromised if they didn’t immediately apply a security patch released on Oct. 15.
The unusually alarming statement was part of a “public service announcement” issued by the Drupal project’s security team Wednesday.
“Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection,” the Drupal security team said. “You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.”
To read this article in full or to leave a comment, please click here