A malicious cryptomining campaign has been targeting hundreds of websites running outdated Drupal content management systems. The new cyber attacks exploit recently revealed vulnerabilities on the Drupal platform, patched for over a month.Â
The critical remote-code execution vulnerability (CVE-2018-7600) is dubbed Drupalgeddon 2.0, as described by security researcher Troy Mursch, in Bad Packets Report and Threatpost blog post.
According to the researcher, over 300 websites have been attacked to include the San Diego Zoo, government of Chihuahua, Mexico, as well as other government and university websites worldwide.
Drupal website admins should make sure to patch their websites with latest Drupal updates (released March 28) as soon as possible.