3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update #1: As of 12:36PM EST, another plugin has been infected.
We've updated the list below to include this fourth plugin and the plugins team has been notified.
Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits the releases have not officially been made meaning no sites should be affected currently.
We've updated the list below to include these additional plugins and the plugins team has been notified.
Update #3: As of 4:44PM EST, only one more plugin has received malicious commits, and again the release was not officially made meaning no sites should be affected.
We've updated the list below to include this additional plugin and the plugins team has been notified.
At this point the WordPress.org team is holding any further plugin releases and is ensuring only non-malicious releases are made.
On June 24th, 2024, we became aware of a supply chain attack targeting multiple WordPress plugins hosted on WordPress.org.
An attacker was able to successfully compromise five WordPress.org accounts, where the developers were utilizing credentials previously found in data breaches, and commit malicious code to the plugins that would inject new administrative user accounts along with SEO Spam and cryptominers whenever the site owner updates the plugin to the latest version.
While we continue to monitor the situation, we found that three additional plugins have been injected with malicious code today.
At this point, all three plugins have been closed for downloads by the plugins team, and the malicious code has been removed along with the release of new code to nullify the created admin passwords to prevent further infection.
This brings the total up to 8 plugins affecting anywhere up to 116,000 WordPress sites.
The following is a list of plugins where the attacker was able to make a malicious commit by compromising a committer's account, but was unsuccessful in releasing the update.
No sites running the following plugins should be affected.
Twenty20 Image Before-After: Pre-release versions 1.6.2, 1.6.3, 1.5.4 Patched Version: Vulnerable version was never officially released no patched version is required.
WPCOM Member: Pre-release versions 1.3.16, 1.3.15 Patched Version: Vulnerable version was never officially released no patched version is required.
If you are a developer with a WordPress.org account, please do an audit of your committers and remove any that are no longer used, ensure all committers are utilizing strong and unique passwords, and enable 2FA and release confirmations as soon as possible so we can prevent more software from being successfully compromised.
If you have any of these plugins installed, you should consider your installation compromised and immediately go into incident response mode.
We recommend checking your WordPress administrative user accounts and deleting any that are unauthorized, along with running a complete malware scan with the Wordfence plugin or Wordfence CLI and removing any malicious code.
If you are running a malicious version of one of the plugins, you will be notified by the Wordfence Vulnerability Scanner that you have a vulnerability on your site and you should update the plugin where available or remove it as soon as possible.


This Cyber News was published on www.wordfence.com. Publication date: Fri, 28 Jun 2024 15:43:06 +0000


Cyber News related to 3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack - On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. We immediately notified the WordPress Plugin's Team and they removed the ...
4 months ago Wordfence.com
Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
9 months ago Feeds.dzone.com
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords - Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits the ...
4 months ago Wordfence.com
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
1 year ago Csoonline.com
CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force - The Task Force, chaired by CISA's National Risk Management Center and the Information Technology and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from public and private ...
9 months ago Cisa.gov
Enzoic for AD Lite Data Shows Increase in Crucial Risk Factors - The 2023 data from Enzoic for Active Directory Lite data from 2023 offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. The free password auditor has been ...
9 months ago Securityboulevard.com
UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
11 months ago Theregister.com
SCS 9001 2.0 reveals enhanced controls for global supply chains - In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks. ...
11 months ago Helpnetsecurity.com
How AI could bolster software supply chain security - SAN FRANCISCO - While supply chain risks remain prevalent across enterprises of all sizes, Synopsys' Tim Mackey said AI tools will enable developers more than attackers - at least for now. Supply chain security was a significant topic that speakers ...
5 months ago Techtarget.com
Securing the Supply Chain - Before a supply chain can be improved, it must be understood. Rather than attacking one target, it is more effective to manipulate the supply chain to gain access to multiple targets. The 2013 Target breach was an example of a supply chain attack, as ...
1 year ago Securityweek.com
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
1 year ago Trendmicro.com
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack - After adding the malicious code to our Threat Intelligence Database and examining it, we quickly discovered that several other plugins were also affected. We will begin with the Blaze Widget plugin which saw the largest amount of activity in terms of ...
4 months ago Wordfence.com
Cyber Insights 2023: ICS and Operational Technology - The result is more than a dozen features on subjects ranging from AI, quantum encryption, and attack surface management to venture capital, regulations, and criminal gangs. At the same time, ICS/OT is facing an expanding attack surface caused by ...
1 year ago Securityweek.com
CVE-2023-2813 - All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before ...
1 year ago
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator - The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected anywhere from 100,000 to tens of millions of websites has been traced to a common operator, according to ...
4 months ago Bleepingcomputer.com
New Survey Finds a Paradox of Confidence in Software Supply Chain Security - Get results of and analysis on ESG's new survey on supply chain security. New research reveals that, despite increasing attacks and incidents against software supply chains, a surprising number of firms believe their defense is sufficient. This gap ...
6 months ago Securityboulevard.com
Synopsys Introduces Latest Solution for Comprehensive Security Across Software Supply Chains - Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis solution. This offering aids organisations in mitigating upstream risks within their software supply chains. Black Duck® Supply Chain Edition ...
7 months ago Itsecurityguru.org
Synopsys Introduces Latest Solution for Comprehensive Security Across Software Supply Chains - Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis solution. This offering aids organisations in mitigating upstream risks within their software supply chains. Black Duck® Supply Chain Edition ...
7 months ago Itsecurityguru.org
Synopsys Introduces Latest Solution for Comprehensive Security Across Software Supply Chains - Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis solution. This offering aids organisations in mitigating upstream risks within their software supply chains. Black Duck® Supply Chain Edition ...
7 months ago Itsecurityguru.org
Synopsys Introduces Latest Solution for Comprehensive Security Across Software Supply Chains - Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis solution. This offering aids organisations in mitigating upstream risks within their software supply chains. Black Duck® Supply Chain Edition ...
7 months ago Itsecurityguru.org
Synopsys Introduces Latest Solution for Comprehensive Security Across Software Supply Chains - Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis solution. This offering aids organisations in mitigating upstream risks within their software supply chains. Black Duck® Supply Chain Edition ...
7 months ago Itsecurityguru.org
Synopsys Introduces Latest Solution for Comprehensive Security Across Software Supply Chains - Synopsys has introduced Black Duck® Supply Chain Edition, a novel software composition analysis solution. This offering aids organisations in mitigating upstream risks within their software supply chains. Black Duck® Supply Chain Edition ...
7 months ago Itsecurityguru.org
Assessing and mitigating cybersecurity risks lurking in your supply chain - Most involve the supply of software and digital services, or at least are reliant in some way on online interactions. SMBs in particular may not proactively be looking, or have the resources, to manage security in their supply chains. Blindly ...
9 months ago Welivesecurity.com
Ledger dApp supply chain attack steals $600K from crypto wallets - Ledger is warnings users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs. Ledger is a hardware wallet that lets users buy, ...
11 months ago Bleepingcomputer.com
New Supply Chain Attack Leveraging Python Package Index Targeting Wacatac Trojan - A new supply chain attack has recently been detected targeting Python Package Index (PyPI) users with the Wacatac Trojan. This attack is seen as the latest in a series of advanced persistent threats (APT) targeting the escalating use of Python in ...
1 year ago Securityweek.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)