Zero-day in popular jQuery plugin actively exploited for at least three years
|
|
More than 4000 websites, including many belonging to governments around the world, were hijacked this weekend by hackers who managed to plant code designed to exploit the computer power of visiting PCs and mine for cryptocurrency.
As many as 200,000 websites may have been running a WordPress plugin that allowed third parties to publish any content they wished on victims’ sites via a backdoor. Watch out for supply chain attacks that could impact your website…
Read more in my article on the Tripwire State of Security blog.
SC Magazine |
500+ Android apps found containing program that can download spyware plug-in
SC Magazine More than 500 mobile apps on Google Play were recently discovered containing an advertising software development kit capable of downloading malicious plug-ins that can spy on Android users' call histories, researchers from mobile security company … |