More than 3,300 WordPress websites running old versions of the Popup Builder plugin, which are vulnerable to a cross-site scripting bug tracked as CVE-2023-6000, have been breached in a new malware campaign, reports BleepingComputer.
Attackers exploited the vulnerability to inject malicious code into the Custom JavaScript or Custom CSS sections of the WordPress admin interface, with the code stored in the ‘wp_postmeta’ database table, according to a report from Sucuri. Although several injection variants for different plugin events were observed, all of them were noted to redirect to malware-downloading and phishing websites, said researchers. With more than 80,000 sites still running outdated Popup Builder versions, website owners have been urged not only to update immediately to version 4.2.7 of the plugin but also to block the “ttincoming.traveltraffic[.]cc” and “host.cloudsonicwave[.]com” domains to prevent attacks. Already compromised websites, meanwhile, should have the malicious code removed from the plugin’s custom sections and then be scanned, researchers added.
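The cleanup check described above, as an added example that is not from the Sucuri report or SC Media: a Python triage of a CSV export of `wp_postmeta` that flags rows referencing the two domains named in the article. The CSV export format, the `example_popup_*` meta keys and the sample rows are constructed assumptions; the column names are WordPress's standard `wp_postmeta` columns.

```python
import csv
import io
import re

# Domains named in the article, kept defanged in source and refanged at runtime.
DEFANGED = ("ttincoming.traveltraffic[.]cc", "host.cloudsonicwave[.]com")
INDICATORS = tuple(d.replace("[.]", ".") for d in DEFANGED)

# Match an indicator as a whole hostname, optionally with a subdomain prefix,
# so lookalikes such as "nothost.<indicator>.example" are not flagged.
_HOST_RE = re.compile(
    r"(?<![a-z0-9-])((?:[a-z0-9-]+\.)*(?:%s))(?!\.?[a-z0-9-])"
    % "|".join(re.escape(d) for d in INDICATORS)
)

def find_injections(rows):
    """rows: dicts with the wp_postmeta columns post_id, meta_key, meta_value."""
    hits = []
    for row in rows:
        # Hostnames are case-insensitive; also accept defanged text in notes/exports.
        value = (row.get("meta_value") or "").lower().replace("[.]", ".")
        hosts = sorted({m.group(1) for m in _HOST_RE.finditer(value)})
        if hosts:
            hits.append({"post_id": int(row["post_id"]),
                         "meta_key": row["meta_key"],
                         "hosts": hosts})
    return hits

def scan_csv(text):
    """Scan a CSV export that has a post_id,meta_key,meta_value header row."""
    return find_injections(csv.DictReader(io.StringIO(text)))

# Constructed sample export (hypothetical meta keys, defanged domains).
SAMPLE_EXPORT = '''post_id,meta_key,meta_value
101,example_popup_js,"var u = 'https://ttincoming.traveltraffic[.]cc/go';"
102,example_popup_css,".popup { color: #333; }"
103,example_popup_js,"load('//HOST.cloudsonicwave[.]com/a.js')"
104,example_popup_js,"// see https://nothost.cloudsonicwave[.]com.example/help"
'''

if __name__ == "__main__":
    for hit in scan_csv(SAMPLE_EXPORT):
        print(hit["post_id"], hit["meta_key"], ", ".join(hit["hosts"]))
```

Rows it reports are candidates for manual review and removal from the plugin's custom sections; a clean result does not replace the site scan the researchers recommend.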
SC Staff
Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.