Israel: Authorities arrested mobile monitoring company executives
infosec

Israel: Authorities arrested mobile monitoring company executives

According to Israeli media, police have arrested a company executive who sells surveillance tools ...
Read More
infosec

Nicole Scherzinger falls victim to a hacker on Instagram

Fans were quick to warn Nicole Scherzinger after her Instagram account had been hacked. A...
Read More
infosec

Browser Extensions help hackers steal from you!

Browser extensions can help hackers steal your passwords, Casa CEO Jeremy Welch warns.
Read More
infosec

Email fraud threatens to expose alleged pedophiles

According to the latest report by ESET Ireland, an email scam is surrounding many Irish mailboxes. In the email, ...
Read More
infosec

New spam campaign uses Ordinypt malware and targets German companies

In recent days, many companies in Germany are facing a new spam campaign. A woman named "Eva Richter" sends ...
Read More
Latest Posts

New attack by hackers puts 4.600 websites at risk

hackersA new attack from hackers may have compromised thousands of websites. As it has been known, some hackers attacked two services designed for websites. These services are Alpaca Forms and Picreel. Their violation may result in infect 4.600 websites with malicious code.

With malicious code, hackers have the ability to acquire all of them data which are imported into the forms. We do not know exactly how hackers managed to break the services, but there is a suspicion violated the Cloud CMS CDN and modified one of the service scripts. Cloud CMS has developed the open source Alpaca Forms service about 8 years ago.

The attacks were discovered by researcher Willem de Groot. According to information, when Cloud CMS was informed of the violation, it turned off the CDN that served the malicious script.

A few words about broken services

The Alpaca Forms open source service helps create HTML5 forms for mobile applications and the internet. The service offers many features and makes it easy for users to create a form using JSON Schema and Handlebars.

Cloud CMS CTO, Michael Uzquiano, said only one Alpaca Forms JavaScript file has been compromised in CDN.

As we said above, the malicious code records the information entered into the forms. Usually it is codes, financial data, payments, and more. He then sends this information to a server located in Panama and controlled by hackers.

The Picreel service monitors the movements of visitors sites (real-time mouse movements). In this way, site owners know user preferences and display targeted ads. It is assumed that there are sites embedded JavaScript code, which allows the service to do its job. This code has hackers violated and has added malware.

Malicious code in Picreel script has been found in 1.249 websites, while the code in the Alpaca Forms has been found in 3.435 domains.

Cloud CMS, after disabling the CDN with the malicious script, began research. According to her, there is no problem with Cloud CMS, customers or products.

However, it seems that behind both attacks are the same hackers.

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by
Absent Mia

About Absent Mia

Being your self, in a world that constantly tries to change you, is your greatest achievement

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *