{"id":165852,"date":"2016-05-23T10:16:24","date_gmt":"2016-05-23T08:16:24","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=165852"},"modified":"2016-05-23T10:19:08","modified_gmt":"2016-05-23T08:19:08","slug":"drupal-websites-hacked-using-sql-injection-flaw","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/165852-drupal-websites-hacked-using-sql-injection-flaw.html","title":{"rendered":"Drupal websites hacked using SQL injection flaw"},"content":{"rendered":"<p>Hackers have attacked hundreds of Drupal websites, installing ransomware that hijacks the website&#8217;s main page.<\/p>\n<p>Softpedia reported that the attackers exploited a two-year-old vulnerability in Drupal for the SQL injection attacks.<\/p>\n<p>Drupal website owners said their websites were locked, with the message:<\/p>\n<blockquote><p>\u201cWebsite is locked. Please transfer 1.4 BitCoin to address 3M6SQh8Q6d2j1B4JRCe2ESRLHT4vTDbSM9 to unlock content.\u201d<\/p><\/blockquote>\n<p>\u201cThe attacker&#8217;s scanning bot extracts the Drupal site&#8217;s version, then uses the CVE-2014-3704 vulnerability to break into the affected websites and change the admin user&#8217;s password,\u201d reported Softpedia.<\/p>\n<p>CVE-2014-3704 is an SQL injection vulnerability that affects Drupal 7.x installations prior to version 7.32.<\/p>\n<h3 class=\"my-4\">More on\u00a0security<\/h3>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/banking\/165828-massive-south-african-credit-card-leak.html\"><strong>Massive South African credit card leak<\/strong><\/a><\/p>\n<p><strong><a href=\"http:\/\/mybroadband.co.za\/news\/security\/165572-criminals-infect-atms-with-malware-to-steal-your-card-data.html\">Criminals infect ATMs with malware to steal your card data<\/a><\/strong><\/p>\n<p><strong><a href=\"http:\/\/mybroadband.co.za\/news\/security\/165578-over-100-million-linkedin-accounts-compromised.html\">Over 100 million LinkedIn accounts compromised<\/a><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers have attacked hundreds of Drupal websites, installing ransomware that hijacks the website&#8217;s main page.<\/p>\n","protected":false},"author":23,"featured_media":165856,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[36,9645,14575],"class_list":["post-165852","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-active","tag-drupal","tag-hack"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/165852"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=165852"}],"version-history":[{"count":2,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/165852\/revisions"}],"predecessor-version":[{"id":165884,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/165852\/revisions\/165884"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/165856"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=165852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=165852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=165852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}