CyberSecurityBoard
Sponsor Register Login

Nearly 7K WordPress Sites Compromised by Balada Injector

About 6,700 WordPress websites have been infected with the Balada Injector malware, after using a Popup Builder plug-in with a cross-site scripting vulnerability tracked as CVE-2023-6000.
The Balada Injector campaign is long-running and is an operation that has compromised more than 1 million WordPress sites in the past six years.
In the attack, a backdoor is injected to redirect visitors from a legitimate WordPress site to fake support pages and compromised or scam websites.
This vulnerable version of the Popup Builder plug-in has more than 200,000 installations, so more infections could be coming.


This Cyber News was published on www.darkreading.com. Publication date: Wed, 17 Jan 2024 16:05:07 +0000


Cyber News related to Nearly 7K WordPress Sites Compromised by Balada Injector

New Balada Injector campaign infects 6,700 WordPress sites - A little over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin have been infected with the Balada Injector malware in a campaign that launched in mid-December. Initially documented by researchers at Dr. Web who observed ...
11 months ago Bleepingcomputer.com
Nearly 7K WordPress Sites Compromised by Balada Injector - About 6,700 WordPress websites have been infected with the Balada Injector malware, after using a Popup Builder plug-in with a cross-site scripting vulnerability tracked as CVE-2023-6000. The Balada Injector campaign is long-running and is an ...
11 months ago Darkreading.com
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware - Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. The flaw leveraged in the attacks is tracked as CVE-2023-6000, a cross-site ...
9 months ago Bleepingcomputer.com
4500+ WordPress Sites Hacked with a Monero Cryptojacking Campaign - Security researchers recently reported the discovery of a massive Monero hacking campaign targeted at WordPress sites. According to reports, more than 4500 WordPress sites were compromised with a malicious cryptocurrency-mining campaign. The hackers ...
1 year ago Thehackernews.com
CVE-2023-2813 - All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before ...
1 year ago
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks - The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database. WP Fastest Cache is a caching plugin used to speed up page loads, improve ...
1 year ago Bleepingcomputer.com
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack - On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. We immediately notified the WordPress Plugin's Team and they removed the ...
5 months ago Wordfence.com
CISA Warns of Compromised Microsoft Accounts - CISA issued a fresh CISA emergency directive in early April instructing U.S. federal agencies to mitigate risks stemming from the breach of numerous Microsoft corporate email accounts by the Russian APT29 hacking group. The directive is known as ...
8 months ago Securityboulevard.com
75K+ WordPress Sites Impacted by Critical Plugin Flaws - A large-scale breach has impacted more than 75,000 WordPress sites that are running an online course plugin. According to security researchers, the plugin has three critical vulnerabilities that could expose customer data and be used to take over ...
1 year ago Bleepingcomputer.com
WordPress Request Architecture and Hooks - Before diving into the security features of WordPress, it's critical to understand the underlying request architecture. WordPress is a dynamic system that processes and responds to user requests in various ways, depending on the nature of the request ...
5 months ago Wordfence.com
Enzoic for AD Lite Data Shows Increase in Crucial Risk Factors - The 2023 data from Enzoic for Active Directory Lite data from 2023 offers a revealing glimpse into the current state of cybersecurity, highlighting a significant increase in risk factors that lead to data breaches. The free password auditor has been ...
10 months ago Securityboulevard.com
CVE-2024-50002 - In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module() Module insertion invokes static_call_add_module() to initialize the static calls in a module. ...
2 months ago Tenable.com
The old, not the new: Basic security issues still biggest threat to enterprises - Attacks on critical infrastructure reveal industry faux pas. Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure. X-Force analysis ...
9 months ago Helpnetsecurity.com
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords - Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits the ...
5 months ago Wordfence.com
VexTrio network of hijacked websites used to spread malware The Register - More than 70,000 presumably legit websites have been hijacked and drafted into a network that crooks use to distribute malware, serve phishing pages, and share other dodgy stuff, according to researchers. This mesh of compromised sites is known as ...
10 months ago Go.theregister.com
In Landmark Battle Over Free Speech, EFF Urges Supreme Court to Strike Down Texas and Florida Laws that Let States Dictate What Speech Social Media Sites Must Publish - WASHINGTON D.C.-The Electronic Frontier Foundation and five organizations defending free speech urged the Supreme Court to strike down laws in Florida and Texas that let the states dictate certain speech social media sites must carry, violating the ...
1 year ago Eff.org
400K Linux Servers Recruited by Resurrected Ebury Botnet - The Ebury botnet - which was first discovered 15 years ago - has backdoored nearly 400,000 Linux, FreeBSD, and OpenBSD servers. More than 100,000 servers were still compromised as of late 2023, according to new research from cybersecurity vendor ...
7 months ago Darkreading.com
Code Execution Update: Improve WordPress Security - In the ever-evolving landscape of digital security, WordPress has recently released a critical code execution update, version 6.4.2, addressing a potential threat that could jeopardize the integrity of vulnerable sites. This update, triggered by the ...
1 year ago Securityboulevard.com
CVE-2024-32528 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seerox WP Dynamic Keywords Injector allows Reflected XSS.This issue affects WP Dynamic Keywords Injector: from n/a through 2.3.18. ...
8 months ago
CVE-2021-24219 - The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before 2.3.9.4, Thrive Ultimatum WordPress plugin before ...
2 years ago
Database Malware Targeting WordPress Sites: How to Stay Safe - WordPress is one of the most widely used content management systems in the world. However, this popularity has also led to an increase in the number of database malware and other cyber threats targeting WordPress sites. In this article, we will be ...
1 year ago Hackread.com
WordPress fixes POP chain exposing websites to RCE attacks - WordPress has released version 6.4.2 that addresses a remote code execution vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website. WordPress is a highly popular open-source content ...
1 year ago Bleepingcomputer.com
Fake IT support sites push malicious PowerShell scripts as Windows fixes - First discovered by eSentire's Threat Response Unit, the fake support sites are promoted through YouTube channels that have been compromised and hijacked to add legitimacy to the content creator. In particular, the threat actors are creating fake ...
5 months ago Bleepingcomputer.com
Ebury botnet malware infected 400,000 Linux servers since 2009 - A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023. Below are the Ebury infections logged by ESET since 2009, showing a notable growth in the volume of ...
7 months ago Bleepingcomputer.com
Beware of Expired or Compromised Code Signing Certificates - One of the vital security measures taken in this direction is the use of code signing certificates to prove software authenticity, integrity and security. Code signing certificates, used for digitally signing applications and software, are an ...
1 year ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)