The Independent newspaper has confirmed it has suffered a major attack on its online blog section, which has now been compromised to serve out ransomware to unsuspecting readers.
The WordPress-based blog page could be putting millions of readers at risk, according to security firm Trend Micro, although the rest of the paper’s site is thought to be unaffected.
Trend Micro says it has informed the Independent of the hack, which appears to have begun on November 21, meaning readers have been at risk for several weeks.
Chen discovered a compromised blog page which redirected users to pages hosting the exploit kit. If the user does not have an updated version of Adobe Flash Player, the vulnerable system will download the Cryptesla 2.2.0 ransomware onto their system.
This malware then encrypts a user’s files and demands a payment for the key to decrypt them.
The WordPress platform, which offers free web hosting to users, has been a popular target for hackers over the past few years, thanks to its users base of over 15.5 billion pages each month and wide choice of plug-ins for its sites.
In December 2014, more than 100,000 WordPress sites were infected with the SoakSoak malware by way of an unpatched vulnerable plug-in.
This came days after the FBI warned that political extremists were also targeting WordPress sites.
Back in April, Finnish researchers also uncovered a dangerous XSS bug which could allow malicious code to be injected into website comments, days after dozens of WordPress plugins were updated in order to patch a widespread XSS vulnerability that resulted from programmers’ incorrect use of two commonly used programming functions that modify or add query strings to web addresses.
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…