Ethical hacking-Penetration Testing: Necessary to protect your data
infosec

Ethical hacking-Penetration Testing: Necessary to protect your data

If you want to protect your personal or corporate data from hackers, it would be good to attend some lessons ...
Read More
inet infosec

Stand-alone vehicles: Is it really safe or not?

Most of us growing up, we have admired mainly in the movie these large stand-alone vehicles that were advanced and possessed ...
Read More
infosec

Are Ships Safe from Cyber ​​Attacks?

Nowadays, even ships are at risk of hacking. New systems they use to connect ...
Read More
infosec

Malicious insider attacks on financial services!

It is well known that the sector most affected by cyberattacks is the business sector and in particular financial services ....
Read More
infosec

FaceApp became viral again. Does it endanger our personal life?

FaceApp. The application is reverted to viral after two years of circulation. Its effects have improved and many influencers decided to bring back ...
Read More
Latest Posts

New attack by hackers puts 4.600 websites at risk

hackersA new attack from hackers may have compromised thousands of websites. As it has been known, some hackers attacked two services designed for websites. These services are Alpaca Forms and Picreel. Their violation may result in infect 4.600 websites with malicious code.

With malicious code, hackers have the ability to acquire all of them data which are imported into the forms. We do not know exactly how hackers managed to break the services, but there is a suspicion violated the Cloud CMS CDN and modified one of the service scripts. Cloud CMS has developed the open source Alpaca Forms service about 8 years ago.

The attacks were discovered by researcher Willem de Groot. According to information, when Cloud CMS was informed of the violation, it turned off the CDN that served the malicious script.

A few words about broken services

The Alpaca Forms open source service helps create HTML5 forms for mobile applications and the internet. The service offers many features and makes it easy for users to create a form using JSON Schema and Handlebars.

Cloud CMS CTO, Michael Uzquiano, said only one Alpaca Forms JavaScript file has been compromised in CDN.

As we said above, the malicious code records the information entered into the forms. Usually it is codes, financial data, payments, and more. He then sends this information to a server located in Panama and controlled by hackers.

The Picreel service monitors the movements of visitors sites (real-time mouse movements). In this way, site owners know user preferences and display targeted ads. It is assumed that there are sites embedded JavaScript code, which allows the service to do its job. This code has hackers violated and has added malware.

Malicious code in Picreel script has been found in 1.249 websites, while the code in the Alpaca Forms has been found in 3.435 domains.

Cloud CMS, after disabling the CDN with the malicious script, began research. According to her, there is no problem with Cloud CMS, customers or products.

However, it seems that behind both attacks are the same hackers.

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *