This whole thing is more than a little bit concerning.
-
This whole thing is more than a little bit concerning.
Sharing for any of my friends who use Wordpress and its plugin marketplace.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Anchor Hosting (anchor.host)
@britt “And here is the wildest part. It resolved its C2 domain through an Ethereum smart contract, querying public blockchain RPC endpoints. Traditional domain takedowns would not work because the attacker could update the smart contract to point to a new domain at any time.”
Clever
-
This whole thing is more than a little bit concerning.
Sharing for any of my friends who use Wordpress and its plugin marketplace.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Anchor Hosting (anchor.host)
@britt Thanks for the heads up. I don't use WP but know lots of people that do.
-
This whole thing is more than a little bit concerning.
Sharing for any of my friends who use Wordpress and its plugin marketplace.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Anchor Hosting (anchor.host)
@britt I always hated those commercial 3rd party plugins. I never trusted them. This was one reason to switch from Wordpress to Hugo.
-
This whole thing is more than a little bit concerning.
Sharing for any of my friends who use Wordpress and its plugin marketplace.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Anchor Hosting (anchor.host)
@britt I'm really surprised this isn't being talked about more. We saw an alert in WP Admin last week and quickly patched our sites, but this is the first mention I've seen of this in the wild.
-
This whole thing is more than a little bit concerning.
Sharing for any of my friends who use Wordpress and its plugin marketplace.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Anchor Hosting (anchor.host)
@britt holy moly
-
This whole thing is more than a little bit concerning.
Sharing for any of my friends who use Wordpress and its plugin marketplace.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Anchor Hosting (anchor.host)
@britt I probably shouldn't be surprised that the market for fraud is so lucrative that buying an entire company to turn it into an engine for backdooring websites is a potentially profitable move.
-
This whole thing is more than a little bit concerning.
Sharing for any of my friends who use Wordpress and its plugin marketplace.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Anchor Hosting (anchor.host)
@britt I stopped using WordPress this year because of how many people try to hack it everyday.
-
R relay@relay.mycrowd.ca shared this topic
E em0nm4stodon@infosec.exchange shared this topic
-
This whole thing is more than a little bit concerning.
Sharing for any of my friends who use Wordpress and its plugin marketplace.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Anchor Hosting (anchor.host)
@britt Thank you
-
This whole thing is more than a little bit concerning.
Sharing for any of my friends who use Wordpress and its plugin marketplace.
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into
Anchor Hosting (anchor.host)
@britt From the perspective of capitalist walled-garden plugin repositories, this is everything working as intended.
You're *supposed* to be able to monetize people's trust in you by selling that to malicious parties, duh.
🤬
-
@britt From the perspective of capitalist walled-garden plugin repositories, this is everything working as intended.
You're *supposed* to be able to monetize people's trust in you by selling that to malicious parties, duh.
🤬
@britt There are so many things they could do to make this kind of operation less lucrative, less effective, more risky, etc. and it's very telling that they won't.
