Light Dark
July 14, 2015 By Dave McMillen < 1 min read
X-Force
Risk Management

In today’s fast-paced business world there’s an ever-growing need for quick changes to web content. This used to be the responsibility of webmasters who created HTML code, JavaScript modules and plugins on the fly, but therein lay a fundamental problem: a crucial task depended on a small handful of people. The process had to be decentralized, so a new method was developed: the web content management system, or CMS.  Today, the most popular web CMS platforms – WordPress, Joomla and Drupal – account for 75 percent of the market, and it is common for one or more to be included as a standard feature of web hosting services. Their status attests to their popularity and effectiveness, but CMS platforms also have security issues.

This report, researched and written by the IBM Managed Security Services Threat Research group, examines how web content management systems are vulnerable to cyber attack and provides steps that can be taken to mitigate risks.

Read the complete research report: Understanding the risks of content management systems

Dave McMillen
Senior Threat Researcher, IBM X-Force

More from X-Force
April 9, 2024

Hive0051 goes all in with a triple threat

13 min read - As of April 2024, IBM X-Force is tracking new waves of Russian state-sponsored Hive0051 (aka UAC-0010, Gamaredon) activity featuring new iterations of Gamma malware first observed in November 2023. These discoveries follow late October 2023 findings, detailing Hive0051's use of a novel multi-channel method of rapidly rotating C2 infrastructure (DNS Fluxing) to deliver new Gamma malware variants, facilitating more than a thousand infections in a single day. An examination of a sample of the lures associated with the ongoing activity reveals…

March 11, 2024

Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns

13 min read - As of March 2024, X-Force is tracking multiple ongoing ITG05 phishing campaigns featuring lure documents crafted to imitate authentic documents of government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated documents associated with finance, critical infrastructure, executive engagements, cyber security, maritime security, healthcare, business, and defense industrial production. Beginning in November 2023, X-Force observed ITG05…

March 6, 2024

Why federal agencies need a mission-centered cyber response

4 min read - Cybersecurity continues to be a top focus for government agencies with new cybersecurity requirements. Threats in recent years have crossed from the digital world to the physical and even involved critical infrastructure, such as the cyberattack on SolarWinds and the Colonial Pipeline ransomware attack. According to the IBM Cost of a Data Breach 2023 Report, a breach in the public sector, which includes government agencies, is up to $2.6 million from $2.07 million in 2022. Government agencies need to move…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature
Press play to continue listening
00:00 00:00