#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Joomla hacked | Breaking Cybersecurity News | The Hacker News

CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

CryptoPHP Backdoor Hijacks Servers with Malicious Plugins & Themes

Nov 24, 2014
Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands-based security firm Fox-IT has published a whitepaper revealing a new Backdoor named "CryptoPHP . " Security researchers have uncovered malicious plugins and themes for WordPress, Joomla and Drupal . However, there is a slight relief for Drupal users, as only themes are found to be infected from CryptoPHP backdoor. In order to victimize site administrators, miscreants makes use of a simple social engineering trick. They often lured site admins to download pirated versions of commercial CMS plugins and themes for free. Once downloaded, the malicious theme or plugin included backdoor installed on the admins' server. "By publishing pirated themes and plug-ins free for anyone to use instead of having to pay for them, the CryptoPHP actor is
New Botnet Campaign 'Fort Disco' Brute-Forcing Thousands of WordPress, Joomla Websites

New Botnet Campaign 'Fort Disco' Brute-Forcing Thousands of WordPress, Joomla Websites

Aug 09, 2013
Password theft has been a growing problem within the security community. Researchers at Arbor Networks have uncovered a botnet called Fort Disco that was used to compromise more than 6000 websites based on popular CMSs such as WordPress , Joomla and Datalife Engine. The Fort Disco botnet is currently made up of nearly 25,000 Windows machines and receives a list of sites to attack from a central command and control server. The bots receive also a list of common username-password combinations, typically composed of default combinations with password options including admin or 123456. Arbor Networks security researcher Matthew Bing said the attack has several advanced features that make it next to impossible to fully track and they obtained precious info on the botnet exploiting a misconfiguration on the attackers' side that made possible the analysis of logs on several of the six command and control servers discovered. " We stumbled upon these detailed logs the attacker left open o
How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

How Nation-State Actors Target Your Business: New Research Exposes Major SaaS Vulnerabilities

Feb 15, 2024SaaS Security / Risk Management
With many of the highly publicized 2023 cyber attacks revolving around one or more SaaS applications, SaaS has become a cause for genuine concern in many boardroom discussions. More so than ever, considering that GenAI applications are, in fact, SaaS applications. Wing Security (Wing), a SaaS security company, conducted an analysis of 493 SaaS-using companies in Q4 of 2023.  Their study reveals  how companies use SaaS today, and the wide variety of threats that result from that usage. This unique analysis provides rare and important insights into the breadth and depth of SaaS-related risks, but also provides practical tips to mitigate them and ensure SaaS can be widely used without compromising security posture.  The TL;DR Version Of SaaS Security 2023 brought some now infamous examples of malicious players leveraging or directly targeting SaaS, including the North Korean group UNC4899, 0ktapus ransomware group, and Russian Midnight Blizzard APT, which targeted well-known organizat
Child Porn on Indian Government websites

Child Porn on Indian Government websites

Dec 20, 2012
One of the ' The Hacker News ' reader inform us today about porn content on some Indian Government websites. After analyzing such websites, we came across more than 30 sub domains belongs to ' entegramam.gov.in ' . Where ' entegramam' means "My village" and all sub domains of this website are names of the different cities of Kerala state. The websites are in Malayalam language and most of the sites are powered by Joomla and Drupal (older vulnerable versions) with discussion forums on them. On our further analyze we found that time stamp of the Porn articles posted on forum dated back to " 2012/08/30 16:00 ".  That means, Government websites hosting Child Porn content from last four months and authorities or  the moderators of the website are not aware about the issue. On a simple Google search, one can found all such pages : site:gov.in "nude"  for further reports and analyzing. Google also giving notification " This site ma
cyber security

Are You Vulnerable to Third-Party Breaches Through Interconnected SaaS Apps?

websiteWing SecuritySaaS Security / Risk Management
Protect against cascading risks by identifying and mitigating app2app and third-party SaaS vulnerabilities.
Cybersecurity Resources