There was a major security bug discovered and patched:
What are the best practices after deploying out a patch to determine if your site was affected? Some quick things I did were:
- Check the list of the site admins to see if anyone was added
- Check the site config change logs in Reports to see if any configs were changed
But generally what should one do to see if they need to do further forensics?