SoylentNews is people

posted by mrpg on Friday January 12, @04:15AM
from the pen-and-paper-are-better dept.

The Wordfence blog has an examination of an emerging attack on the WordPress ecosystem.

[...] In the software industry, a supply chain attack exploits a trusted relationship between software vendors or authors and their customers. For WordPress, that means figuring out how to embed malware into software updates. In one case, we saw an existing plugin author install malware on customer sites in an effort to monetize an existing plugin. In every other case we have uncovered, the attack was carried out by someone who had purchased the plugin with the express intention of attacking its users.

This is a follow-up to December's discovery of backdoor code in three mildly popular plug-ins. Those otherwise-trusted plug-ins had been purchased from the original developer by a third party, who then injected malicious code in subsequent updates.

In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. ... Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins.



Reply to: Friends

    (Score: -1, Spam) by Anonymous Coward on Friday January 12, @05:39AM (#621271)

    ... Don't let friends use WordPress. Or Tumblr. Or Blogger. Or Medium for that matter. If you simply must blog, may I recommend Silvrback [silvrback.com] instead?
