Tech

Supply chain attack used legitimate WordPress add-ons to backdoor sites

Posted on Author admin Comments Off on Supply chain attack used legitimate WordPress add-ons to backdoor sites
Supply chain attack used legitimate WordPress add-ons to backdoor sites

Enlarge (credit: Getty Images)

Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system.

The backdoor gave the particular attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes . The backdoor was discovered by security researchers from JetPack, the maker of security software owned by Automatic, provider of the WordPress. com hosting service and a major contributor to the development of WordPress. In all, Jetpack found that 40 AccessPress themes and 53 plugins were affected.

Unknowingly providing access to the attacker

In a post published Thursday, Jetpack researcher Harald Eilertsen said timestamps and other evidence suggested the backdoors were introduced intentionally in a coordinated action after the themes and extensions were released. The affected software was available by download directly from the AccessPress Themes site. The same themes and plug ins mirrored on WordPress. org, typically the official developer site for this WordPress project, remained clean.

Read 7 remaining paragraphs | Comments

Related Articles
Tech

Meta’s cryptocurrency ploy all but dead with Libra/Diem seeking to sell assets

Posted on Author admin

Enlarge / With an image of Federal Reserve Bank Chairman Jerome Powell on a screen in the background, Facebook/Meta co-founder and CEO Mark Zuckerberg testifies before the House Financial Services Committee on October 23, 2019, in Washington, DC. (credit: Chip Somodevilla/Getty Images) After years of effort, Meta’s cryptocurrency initiative has collapsed under the weight of […]
Entertainment Tech

GoT alums among announced cast for Netflix Sandman adaptation

Posted on Author admin

Enlarge / Tom Sturridge has snagged the coveted role of Dream, aka Morpheus, in the Netflix adaptation of The Sandman. (credit: DC Comics) At long last, Netflix has announced several cast members for its hotly anticipated adaptation of Neil Gaiman’s award-winning graphic novel series Sandman. As Deadline Hollywood reports, Tom Sturridge (Being Julia, Pirate Radio) […]
Tech

Fortnite’s Nexus War Occasion Can expose Twitch streamers into DMCA Issues

Posted on Author admin

Expand / / Fortunately you can not hear this picture –it could lead to a DMCA attack if you can. (charge: Epic Games) Epic Games and Twitch are warning streamers who broadcast throughout Fortnite‘s season-ending Marvel-crossover”Nexus War” event the night they could want to substitute their VOD clips to prevent the possibility of DMCA copyright […]