reader comments 18 WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be affected in the campaign, which was active as recently as Monday morning, researchers from security firm Wordfence reported. Over the… Read More »
reader comments 12 A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS… Read More »
Enlarge / Malware Detected Warning Screen with abstract binary code 3d digital concept Getty Images reader comments 57 On Friday, a lone Microsoft developer rocked the world when he revealed a backdoor had been intentionally planted in xz Utils, an open-source data compression utility available on almost all installations of Linux and other Unix-like operating… Read More »
reader comments 18 with 14 posters participating Share this story Fishpig, a UK-based maker of e-commerce software used by as many as 200,000 websites, is urging customers to reinstall or update all existing program extensions after discovering a security breach of its distribution server that allowed criminals to surreptitiously backdoor customer systems. The unknown threat… Read More »
Getty Images reader comments 10 with 8 posters participating Share this story As many as 29,000 users of the Passwordstate password manager downloaded a malicious update that extracted data from the app and sent it to an attacker-controlled server, the app maker told customers. In an email, Passwordstate creator Click Studios told customers that bad… Read More »
Enlarge (credit: BeeBright / Getty Images / iStockphoto) A hacker compromised the server used to distribute the PHP programming language and added a backdoor to source code that would have made websites vulnerable to complete takeover, members of the open source project said. Two updates pushed to the PHP Git server over the weekend added… Read More »
reader comments 24 with 17 posters participating Share this story Security firm Malwarebytes said it was breached by the same nation-state-sponsored hackers who compromised a dozen or more US government agencies and private companies. The attackers are best known for first hacking into Austin, Texas-based SolarWinds, compromising its software-distribution system and using it to infect… Read More »