Threat Management, Incident Response, Network Security, Patch/Configuration Management, TDR, Vulnerability Management

Drupal zero-day opened door of Panama Papers law firm, report

A zero-day flaw in Drupal is now being said to be how hackers penetrated the network of law firm Mossack Fonseca and siphoned out more than 11.5 million files, according to The Hacker News.

The theft of around 2.6 terabytes of data in what is now being termed the Panama Papers – which revealed confidential details of individuals' tax-avoidance schemes and implicated 72 heads of state – was originally believed to be the result of an unpatched vulnerability in the widely used open source Drupal content management system.

Critical patches are scheduled to be released on Wednesday to address a number of security issues in Drupal contributed modules used on between 1,000 and 10,000 sites, including several highly critical remote code execution (RCE) flaws. 

In an advisory, the Drupal Security Team advised users to update modules ASAP as "exploits are expected to be developed within hours/days." 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.