Hackers breach Picreel, CloudCMS, affecting over 4,600 websites


Hackers have breached two services and infected over 4,600 websites with malware by modifying their JavaScript code, according to cybersecurity researchers.

In a series of tweets, a researcher said that Picreel, an analytics service that enables website owners to see what users are doing and how they interact with a website, was hacked last week.

“Their 1200+ customer sites are now leaking data to an exfil server in Panama,” he said.

Later, the same researcher said in another tweet that CloudCMS.com had also been hacked, affecting some 3,400 websites. Its content delivery network (CDN) had been breached, allowing hackers to modify one of its Alpaca Forms scripts. Alpaca Forms is an open source project that lets website owners create web forms.

It is not known how hackers breached either service.

Reports say that CloudCMS has taken down the affected CDN that was serving the compromised Alpaca Forms script and that the incident is under investigation. Reports also say that both Picreel and CloudCMS have removed the malicious code from their services.

This is the latest in a series of efforts by hackers to compromise websites through their use of open source components. The 2019 OSSRA report observed that open source components were in use in 96 percent of the audited applications, because application development teams focus on their unique code and leave the plumbing and foundation to shared components from the open source community. Malicious actors take advantage of this dynamic by targeting those shared components.

 
