Hackers breach Picreel, CloudCMS, affecting over 4,600 websites

In News

Hackers have breached two services and infected over 4,600 websites with malware by modifying their JavaScript code, according to cybersecurity researchers.

In a series of tweets, a researcher said that Picreel, an analytics service that enables website owners to see what users are doing and how they interact with a website, was hacked last week.

“Their 1200+ customer sites are now leaking data to an exfil server in Panama,” he said.

Later on, the same researcher said in another tweet, that CloudCMS.com had also been hacked, affecting some 3,400 websites. Its content delivery network (CDN) had been breached, allowing hackers to modify one of its Alpaca Forms scripts. Alpaca Forms is an open source project that lets website owners create web forms.

It is not known how hackers breached either service.

Reports say that CloudCMS has taken down the affected CDN serving up the compromised Alpaca Form script and that the incident is under investigation. Reports also say that both Picreel and CloudCMS have removed the malicious code from their services.

This is the latest in a series of efforts by hackers to compromise web sites through their use of open source components. In fact, in the 2019 OSSRA report it was observed that open source components were in use in 96 percent of the audited applications, and that’s because application development teams focus on their unique code and leave the plumbing and foundation to shared components from the open source community. Malicious actors then take advantage of this dynamic to affect components.



You may also read!

Security vulnerability in Bluetooth puts iOS and Windows 10 devices at risk

In a research paper titled Tracking Anonymized Bluetooth Devices, researchers have revealed that a security flaw in Bluetooth communication


Humans cause nine out of ten data breaches in the cloud

Incidents in public cloud infrastructure are more likely to happen because of a customer’s employees rather than actions carried


FireEye expands Managed Defense MDR services

FireEye, the intelligence-led security company, today announced the availability of two new managed detection and response (MDR) service offerings


Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu