“Drupalgeddon2” touches off arms race to mass-exploit powerful Web servers

Enlarge (credit: Torkild Retvedt)

Attackers are mass-exploiting a recently fixed vulnerability in the Drupal content management system that allows them to take complete control of powerful website servers, researchers from multiple security companies are warning.

At least three different attack groups are exploiting “Drupalgeddon2,” the name given to an extremely critical vulnerability Drupal maintainers patched in late March, researchers with Netlab 360 said Friday. Formally indexed as CVE- 2018-7600, Drupalgeddon2 makes it easy for anyone on the Internet to take complete control of vulnerable servers simply by accessing a URL and injecting publicly available exploit code. Exploits allow attackers to run code of their choice without having to have an account of any type on a vulnerable website. The remote-code vulnerability harkens back to a 2014 Drupal vulnerability that also made it easy to commandeer vulnerable servers.

Drupalgeddon2 “is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses,” Daniel Cid, CTO and founder of security firm Sucuri, told Ars. “Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can.”

Read 6 remaining paragraphs | Comments

Tesla: Workplace safety, unions and the color yellow

Tesla's troubles with media reports on working conditions and union organizing took a hard right turn on Monday. In response to Reveal's report on Tesla's workplace safety, the auto manufacturer accused the Pulitzer-finalist of being "an extremist or…

Watch The Porsche 911 GT3 RS Go Around Nürburgring In Under Seven Minutes

The 2018 Porsche 911 GT3 RS gets 520 horsepower from its naturally-aspirated flat six, which is a glorious thing. It’s no surprise that it’s also a track monster, completing the 12.9-mile Nürburgring in a blazing 6:56.4.

Read more…

CBS All Access lands Muhammed Ali biography ’8 Fights’

CBS continues to ramp up its All Access content to compete with the likes of Netflix, with six to seven new shows set to hit the streaming service, like the Will Ferrell-produced No Activity. Now Deadline reports that CBS' service has just landed 8 F…

Marmot Has Everything You Could Need for Whatever Weather, And It’s All On Sale

At some point, it’ll be continuously warm enough to hike, and Marmot is thinking about getting you geared up and outside for less. Take 25% off all the apparel they carry, or if you need to re-up on your gear, it’s all 20% off too during their Friends & Family sale. Just use the code FRIENDS at checkout. It’s like…

Read more…

Nissan To Launch 8 Electrified Cars In Japan By 2022

Nissan is looking to introduce a flurry of new electrified vehicles in Japan by 2022, with plans to roll out three all-electric cars and five hybrids, according to Automotive News.

Read more…

Ohio university offers the first ‘Fortnite’ eSports scholarship

Ohio's Ashland University's new eSports program will be the first in the US to offer player scholarships for the wildly popular battle royale game Fortnite. They'll hey plan to field a four-player team alongside squads for Overwatch and League of Leg…

NYC blasts broadband competition shortage as it pursues suit against Verizon

Enlarge / New York, USA – January 14, 2016: A Verizon worker on Worth Street in Lower Manhattan. (credit: Getty Images | 400tmax)

More than two-thirds of New York City’s 3.1 million households have just one or two broadband providers offering service to their homes, according to a new “Truth in Broadband” report issued by the city government. The report comes as NYC pursues a lawsuit against Verizon alleging that it hasn’t met its broadband deployment obligations.

There’s only one ISP offering home broadband service at 13.54 percent of the city’s 3,114,826 households, meaning that nearly 422,000 households have just one “choice.” Another 55.44 percent of NYC households—nearly 1.73 million in all—have two broadband providers. The remaining 31.02 percent (more than 966,000 households) have at least three broadband providers.

The report defines broadband as Internet service with at least 25Mbps download speeds and 3Mbps upload speeds, the same standard the Federal Communications Commission uses to evaluate broadband deployment progress nationwide. DSL offers some more choice, but the network technology “is not generally capable of delivering a 25Mbps download speed,” the report said. The report’s broadband deployment statistics are based on federal data as of December 2016.

Read 19 remaining paragraphs | Comments

Dutch government rules some loot boxes count as illegal gambling

Enlarge / Is this essentially the same as a kid buying a box of car skins in Rocket League? (credit: Getty)

Four publishers will be forced to make changes to their games in the Netherlands after a landmark report from the Netherlands Gaming Authority found their loot boxes violate laws against gambling.

Study into loot boxes: A treasure or a burden? (PDF) notes that an in-game loot box violates the country’s laws if “the content of these loot boxes is determined by chance and… the prizes to be won can be traded outside of the game: the prizes have a market value.”

While the report doesn’t identify the now-illegal games directly, a report from Dutch news site NOS names them as FIFA 18, Dota 2, PlayerUnknown’s Battlegrounds, and Rocket League. Six other studied games that do not allow for items to be traded for a “market value” were found not to violate the law.

Read 7 remaining paragraphs | Comments

Full Sail taps VR to help online students feel less isolated.

Taking online classes is an easy way to fit college into your schedule without the need to physically be on campus. But, there are drawbacks. Full Sail University hopes that implementing virtual reality into its courses will help eliminate some of th…