• About
  • Advertise
  • Careers
  • Contact
Monday, March 20, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

4,600 Websites Prone To Hacking! Payment Data And Passwords At Risk!

by Cyber360 News
November 11, 2019
in Security
0
4,600 Websites Prone To Hacking! Payment Data And Passwords At Risk!
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

A report from ZDNet has highlighted that some notorious hackers have been able to breach two services designed for websites. As a result, they’ve infected more than 4,600 websites with malicious code. The two services in question are open source Alpaca Forms and analytics service Picreel. These attacks were first spotted by security researcher Willem de Groot.

With the help of the malicious script, which is still live, the hackers are able to record all the data that’s entered in the form fields. While the exact route of infection remains unknown, it seems that hackers have breached the CDN of Cloud CMS; Cloud CMS developed Alpaca Forms and open sourced it about 8 years ago.

jamf now

As told to ZDNet, Cloud CMS has intervened and disabled the CDN that was serving the notorious script.

For a better understanding of the risk, let me briefly tell you about the infected projects. The open source Alpaca Forms lets one create interactive HTML5 forms for mobile apps and the web. It makes use of JSON Schema and Handlebars to help you create forms easily.

On the other hand, Picreel tracks the interactions made by website visitors by keeping an eye on their scrolls and mouse movements in real-time. With this data, the website owners can trigger targeted offers and collect leads.

Supply chain attack of the week: @Picreel_
marketing software got hacked last night, their 1200+ customer sites are now leaking data to an exfil server in Panama.

Victims: https://t.co/0qJX6LGEdG

Decoded malware: https://t.co/ZiuhUBP3cf pic.twitter.com/X9uDIctYa9

— Willem de Groot (@gwillem) May 12, 2019

Another example of supply chain attack

Also called a third-party or value-chain attack, a supply chain attack takes place when a hacker is able to enter the systems via some outside provider. With the expanding usage of third-party services and data sharing, this attack vector is becoming increasingly common these days. We’ve also seen attacks that involve installing a rootkit or hardware spy components in the devices right in the middle of the manufacturing process.

As per a report from cybersecurity firm Symantec, the supply chain attacks have increased by 78 percent between 2017 and 2018. As such attacks have a very high potential to cause financial damage to an organization, cybersecurity is also becoming an integral part of Supply Chain Management.

jamf now
Also Read: Hackers Are Deleting Git Repos And Holding Code Ransom For Bitcoins
Cyber360 News

Cyber360 News

Next Post
In a new extortion scam, a cybercriminal is sending threatening emails to unsuspecting users asking them to pay a whopping $4,000 in Bitcoin or wait to be executed by a hitman.

In a new extortion scam, a cybercriminal is sending threatening emails to unsuspecting users asking them to pay a whopping $4,000 in Bitcoin or wait to be executed by a hitman.

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In