Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack
A supply-chain attack compromised 36,000 websites using backdoored WordPress plugins. Malicious code added to updates creates attacker-controlled admin accounts, manipulating search results. Users urged to uninstall affected plugins and monitor for unauthorized access.
A supply-chain attack has affected WordPress plugins on around 36,000 websites, with five plugins identified as being backdoored. Malicious functions were added to updates on WordPress.org, creating attacker-controlled admin accounts on compromised sites. The injected code aims to manipulate search results and is relatively straightforward, dating back to June 21, 2024. The affected plugins include Social Warfare, BLAZE Retail Widget, Wrapper Link Elementor, Contact Form 7 Multi-Step Addon, and Simply Show Hooks. Supply-chain attacks like this have become a prevalent method for malware distribution, exploiting users who trust software updates. Investigation is ongoing to determine how the malware was introduced into the plugins. Users are advised to uninstall the affected plugins, check for unauthorized admin accounts, and monitor for suspicious activity. WordPress, BLAZE, and Social Warfare have not yet responded to inquiries regarding the incident.
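The two checks the summary recommends, turned into a small audit script as an added example that is not part of the original article: it flags administrator accounts registered on or after the June 21, 2024 date and reports any installed plugin whose display title matches one of the five named plugins. It assumes the JSON field names WP-CLI emits for `wp user list` and `wp plugin list`, and the sample inputs are constructed.

```python
import json
import re
from datetime import datetime

# Earliest date the injected code is reported to date from (per the article).
CUTOFF = datetime(2024, 6, 21)

# Plugins the article names as backdoored. Matched on normalized display title,
# because the article does not give their WordPress.org slugs (assumption).
AFFECTED_PLUGINS = [
    "Social Warfare",
    "BLAZE Retail Widget",
    "Wrapper Link Elementor",
    "Contact Form 7 Multi-Step Addon",
    "Simply Show Hooks",
]

def _norm(name):
    return re.sub(r"[^a-z0-9]", "", name.lower())

_AFFECTED = {_norm(n) for n in AFFECTED_PLUGINS}

def suspicious_admins(users_json, cutoff=CUTOFF):
    """Logins of admin accounts registered on/after cutoff. Input is the JSON from:
    wp user list --role=administrator --fields=user_login,user_email,user_registered --format=json"""
    flagged = []
    for u in json.loads(users_json):
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= cutoff:
            flagged.append(u["user_login"])
    return flagged

def affected_plugins_installed(plugins_json):
    """(title, version, status) of installed plugins in AFFECTED_PLUGINS. Input is the JSON from:
    wp plugin list --fields=name,title,version,status --format=json"""
    hits = []
    for p in json.loads(plugins_json):
        title = p.get("title") or p["name"]
        if _norm(title) in _AFFECTED:
            hits.append((title, p["version"], p["status"]))
    return hits

# Constructed sample input standing in for real WP-CLI output.
SAMPLE_USERS = json.dumps([
    {"user_login": "owner", "user_email": "owner@example.com", "user_registered": "2021-03-02 10:15:00"},
    {"user_login": "svcadmin", "user_email": "noreply@example.net", "user_registered": "2024-06-23 04:12:31"},
])
SAMPLE_PLUGINS = json.dumps([
    {"name": "sample-plugin-a", "title": "Sample Plugin A", "version": "1.0.0", "status": "active"},
    {"name": "sample-plugin-b", "title": "Social Warfare", "version": "1.2.3", "status": "active"},
])

if __name__ == "__main__":
    print("admin accounts created since cutoff:", suspicious_admins(SAMPLE_USERS))
    print("affected plugins installed:", affected_plugins_installed(SAMPLE_PLUGINS))
```

A hit from either function is a reason to pull the site's access logs and user change history for the same window, not proof of compromise on its own.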
Related
Arbitrary shell command evaluation in Org Mode (GNU Emacs)
A vulnerability in Emacs Org mode allowed arbitrary shell command execution. A fix in Emacs 29.4 and Org 9.7.5 prevents unsafe code evaluation in link abbreviations, advising users to apply the patch.
Software company plans to pay millions in ransom to hackers
CDK Global faces a ransomware attack, disrupting operations at 15,000 car dealerships in North America. The company plans to pay hackers millions. The incident exposes the automotive industry's vulnerability to cyber threats.
I found a 1-click exploit in South Korea's biggest mobile chat app
A critical exploit in KakaoTalk allows attackers to run JavaScript in a WebView, potentially compromising user accounts by stealing access tokens. The exploit highlights the need to address security vulnerabilities in messaging apps.
Snowflake breach snowballs as more victims, perps, come forward
The Snowflake data breach expands to include Ticketek, Ticketmaster, and Advance Auto Parts. ShinyHunters claim involvement, Snowflake enforces security measures. CDK faces ransomware attack, Juniper and Apple vulnerabilities identified. Jetflicks operators convicted.
Polyfill supply chain attack hits 100K+ sites
A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.
I worked at Automattic (in Support / Spam blog hunting / Akismet) in 2011 and after some bad plugin updating from various sources Matt asked me to start vetting wporg plugin updates.
I cannot code in PHP. Lots of reading later I could recognise dodgy code, or code that looked odd.
I set up a gmail account where _every_ new plugin commit was sent to, and I created a ton of filters, each looking for certain code. Those filters were then sent to me and were filtered again - think "Nasty, Maybe, Check".
When something bad happened, I'd review the commits, see the nasty, remove it, update the version, commit to the wporg repo and at the same time take over the account. (Again, I can't code PHP but I'm listed as a developer in the plugin repo). That way plugin users were protected.
That was 13 years ago... why the hell doesn't WP have a better system?