SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    WordPress Supply Chain Attacks: An Emerging Threat
Date    Friday January 12 2018, @04:15AM
Author    mrpg
Topic   
from the pen-and-paper-are-better dept.
https://soylentnews.org/article.pl?sid=18/01/12/0030259

halcyon1234 writes:

The Wordfence blog has an examination of an emerging attack on the Wordpress ecosystem.

[...] In the software industry, a supply chain attack exploits a trusted relationship between software vendors or authors and their customers. For WordPress, that means figuring out how to embed malware into software updates. In one case, we saw an existing plugin author install malware on customer sites in an effort to monetize an existing plugin. In every other case we have uncovered, the attack was carried out by someone who had purchased the plugin with the express intention of attacking its users.

This is a follow-up to December's discovery of backdoor code in three mildly popular plug-ins. Those otherwise-trusted plug-ins had been purchased from the original developer by a third party, who then injected malicious code in subsequent updates.

In the last two weeks, the WordPress.org repository has closed three plugins because they contained content-injection backdoors. ... Each of them had been purchased in the previous six months as part of the same supply chain attack, with the goal of injecting SEO spam into the sites running the plugins.


Original Submission

Links

  1. "halcyon1234" - https://soylentnews.org/~halcyon1234/
  2. "emerging attack on the Wordpress ecosystem." - https://www.wordfence.com/blog/2018/01/wordpress-supply-chain-attacks/
  3. "December's discovery of backdoor code in three mildly popular plug-ins" - https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/
  4. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=24267

© Copyright 2024 - SoylentNews, All Rights Reserved

printed from SoylentNews, WordPress Supply Chain Attacks: An Emerging Threat on 2024-03-28 18:04:53