Hackers Exploit Vulnerability in Popup Builder Plugin for WordPress

 

In a concerning development for website owners and administrators, hackers have been exploiting a vulnerability in the popular Popup Builder plugin for WordPress, resulting in the infection of over 3,300 websites worldwide. This security flaw, officially tracked as CVE-2023-6000, allows malicious actors to execute cross-site scripting (XSS) attacks on websites that are using outdated versions of the Popup Builder plugin, specifically versions 4.2.3 and older. 

The vulnerability was initially disclosed in November 2023, raising alarm bells in the cybersecurity community. Despite this disclosure, many site administrators failed to promptly update their systems, leaving them vulnerable to exploitation by hackers. Now, the consequences of this oversight are becoming apparent, with Sucuri, a prominent cybersecurity firm, reporting a recent surge in attacks targeting WordPress sites through this vulnerability. 

At the core of the exploit is the injection of malicious code into the Custom JavaScript or Custom CSS sections of the WordPress admin interface. This injected code is then stored within the 'wp_postmeta' database table, allowing hackers to manipulate the behavior of the Popup Builder plugin. By leveraging event handlers within the plugin, such as popup open or close events, hackers can execute various malicious actions, including redirecting unsuspecting visitors to phishing pages or malware-dropping sites. Sucuri's analysis has revealed that the attacks originate from domains such as "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com." 

As a proactive measure, site owners are advised to block access to these domains to mitigate the risk of infection. However, blocking domains alone may not be sufficient to fully protect websites from exploitation. To effectively safeguard against this threat, website owners must update to the latest version of the Popup Builder plugin, currently version 4.2.7. 

This updated version addresses CVE-2023-6000 and other security vulnerabilities, providing enhanced protection against malicious attacks. Despite the availability of patches, WordPress statistics indicate that a significant number of active sites continue to use outdated versions of the plugin, leaving them vulnerable to exploitation. 

In the unfortunate event of a website being infected, swift action is necessary to mitigate further damage. Site administrators should immediately remove any malicious entries injected into the Popup Builder's custom sections and conduct thorough scans to detect and eliminate any hidden backdoors that could facilitate reinfection. The prevalence of this vulnerability underscores the importance of maintaining robust cybersecurity practices for WordPress sites. 
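The triage described above as a script, added here as an illustration and not taken from Sucuri or the plugin's developers: it checks an installed version against the affected range and searches an exported 'wp_postmeta' table for the two domains the article names. The CSV export format, the sample rows and the "example_*" meta keys are constructed assumptions.

```python
import csv
import io

# Domains exactly as the article lists them (defanged); refanged only in memory.
DEFANGED_IOCS = ["ttincoming.traveltraffic[.]cc", "host.cloudsonicwave[.]com"]
IOCS = [d.replace("[.]", ".").lower() for d in DEFANGED_IOCS]
LAST_AFFECTED = (4, 2, 3)  # article: versions 4.2.3 and older are affected


def is_affected(version: str) -> bool:
    """True when a Popup Builder version string is 4.2.3 or older."""
    return tuple(int(p) for p in version.strip().split(".")) <= LAST_AFFECTED


def scan_postmeta(csv_text: str) -> list:
    """Return wp_postmeta rows whose meta_value mentions a listed domain."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        value = row["meta_value"].lower()  # hostnames are case-insensitive
        matched = [ioc for ioc in IOCS if ioc in value]
        if matched:
            hits.append({"meta_id": int(row["meta_id"]),
                         "post_id": int(row["post_id"]),
                         "meta_key": row["meta_key"],
                         "domains": matched})
    return hits


def build_sample() -> str:
    """Constructed export: two clean rows and one that references a listed domain."""
    rows = [
        (101, 7, "example_custom_css", ".popup { color: #333; }"),
        (102, 7, "example_custom_js", "// constructed sample: " + IOCS[0].upper()),
        (103, 9, "example_custom_js", "console.log('popup opened');"),
    ]
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["meta_id", "post_id", "meta_key", "meta_value"])
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    for v in ("4.2.3", "4.2.7"):
        print(v, "affected" if is_affected(v) else "not in the affected range")
    for hit in scan_postmeta(build_sample()):
        print("review and clean:", hit)
```

A hit identifies a row to inspect and clean; an empty result does not rule out hidden backdoors, which still need the separate scan the article recommends.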

By staying vigilant and promptly applying software updates, website owners can better protect their sites and reduce the risk of falling victim to malicious attacks. As the threat landscape continues to evolve, proactive security measures are essential to safeguarding the integrity and security of WordPress websites.

Cyber Attack at ODIN Intelligence Discloses a Massive Trove of Police Raid Files

 

A forensic extraction report outlining the contents of a suspect's phone, specific tactical plans for upcoming police raids, and private police reports with descriptions of alleged crimes and suspects: these documents are part of a sizable data cache that was taken from the internal servers of ODIN Intelligence, a tech company that offers software and services to law enforcement agencies, after its website was hacked and defaced over the weekend.

In a message posted on ODIN's website, the group responsible for the hack claimed that it had attacked the business after its founder and CEO Erik McCauley denied a Wired report that found the company's flagship app SweepWizard, which is used by police to coordinate and plan multiagency raids, was insecure and leaked sensitive information about upcoming police operations to the open web.

The hackers claimed to have "shredded" the company's data and backups but not before stealing gigabytes of data from ODIN's systems. They also published the company's Amazon Web Services private keys for accessing its cloud-stored data.

ODIN develops apps like SweepWizard and offers them to police departments all across the United States. The business also develops tools that let law enforcement keep an eye on convicted sex offenders from a distance. Last year, however, ODIN came under fire for using derogatory language in its marketing and for providing authorities with a facial recognition system for identifying homeless people.

Prior to publication, several emails to ODIN's McCauley seeking comment went unanswered. However, the hack was confirmed in a data breach disclosure submitted to the California attorney general's office. 

The breach exposes gigabytes of sensitive law enforcement data uploaded by ODIN's police department clients in addition to enormous amounts of ODIN's own internal data. The breach raises concerns about ODIN's cybersecurity as well as the security and privacy of the thousands of people whose personal information was exposed, including crime victims and suspects who have not been charged with any crimes.

The information included dozens of folders with detailed tactical plans for upcoming raids, suspect mugshots, fingerprints, biometric descriptions, and other personally identifiable information, such as intelligence on people who might be present at the time of the raid, like children, roommates, and cohabitants, some of whom are listed as having "no crim[inal] history." Many of the documents had the disclaimers "confidential law enforcement only" and "controlled document," indicating that they should not be shared with anyone outside of the police force. 

Some of the files had the designation "test document" and had officer names like "Superman" and "Captain America" that were fictitious. But ODIN also used the names of real people, including Hollywood actors, who are unlikely to have given their permission for their names to be used. The goal of the raid was to "find a house to live in," according to a document with the title "Fresno House Search" that had no markings indicating it was a test of ODIN's front-facing systems.

The ODIN sex offender monitoring system, which enables police and parole officers to register, supervise, and monitor convicted criminals, was also included in the cache of data that was leaked. More than a thousand documents, including names, home addresses (if not incarcerated), and other personal details, related to convicted sex offenders who are required to register with the state of California were found in the cache.

The website for ODIN is still unavailable as of Tuesday. It went offline shortly after it was defaced.

Internet Security: How to Defend Yourself Against Hackers

 

When was the last time you used WiFi in a public setting? Nowadays, almost every coffee shop, library, airport, and hotel provides a way for you to use your phone or other mobile devices to access the internet. That means that, unless you have taken precautions to protect your data, the information on your phone may be accessible to hackers in the area.

To safeguard your devices and sensitive data, abide by the following advice:

Utilize a firewall 

Firewalls are programmes that are integrated into Windows and macOS in order to erect a wall between your data and the outside world. Firewalls protect the network of your company from unauthorised access and notify you of any intrusion attempts. 

Before you go online, make sure the firewall is turned on. Your broadband router also protects your network with a built-in firewall; depending on the router, you can also buy a hardware firewall from companies like Cisco, Sophos, or Fortinet. If your company is bigger, you can buy an additional business networking firewall.

Install antivirus protection 

Malware and computer viruses are pervasive. Computers are protected from malicious software and unauthorised code by antivirus programmes like Bitdefender, Panda Free Antivirus, Malwarebytes, and Avast. Viruses can cause effects that are obvious, like slowing down your computer or deleting important files, or they can be less obvious. 

By identifying threats in real time and protecting your data, antivirus software is crucial to safeguarding your system. Some cutting-edge antivirus programmes offer automatic updates, further safeguarding your computer against the fresh viruses that surface daily. Do not forget to use your antivirus programme after installing it. To keep your computer virus-free, run or schedule routine virus scans.

Set up a spyware removal programme 

Spyware is a special kind of software that covertly monitors and gathers data from individuals or businesses. It tends to present unwanted advertisements or search results that are intended to direct you to specific (often malicious) websites and is built to be difficult to detect and remove. In order to access passwords and other financial information, some spyware logs each keystroke. Even though anti-spyware focuses solely on this threat, it is frequently offered as part of popular antivirus packages from companies like Webroot, McAfee, and Norton. Through the scanning and blocking of threats, anti-spyware packages offer real-time protection. 

Create strong passwords 

The key to preventing network intrusions is to use strong passwords. The more secure your passwords are, the more difficult it is for a hacker to access your system. Longer and more complex passwords are often more secure. Use a password with at least eight characters, a mix of uppercase letters, lowercase letters, and computer symbols, and at least one number.

Hackers have a variety of tools at their disposal to quickly crack short, simple passwords. Never use recognisable words, or combinations that represent birthdays or other personally identifiable information. Do not use the same password twice. Consider using a password manager like Dashlane, Sticky Password, LastPass, or Password Boss if you have too many passwords to remember.