silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,174
Websites built on two of the most popular content management systems used in publishing are being hacked and exploited to deliver ransomware and other malware to visitors.
Cyber criminals are exploiting vulnerabilities in plug-ins, themes and extensions on Wordpress and Joomla sites and using them to serve up Shade ransomware and other malicious content.
Researchers at security company Zscaler have detailed how attackers are using a hidden directory on HTTPS for malicious purposes. This well-known directory is commonly used by website owners to demonstrate ownership of the domain to the certificate authority that scans for code to recognise that the domain is validated.
However, by using exploits to gain access to these hidden pages, attackers can use them to hide malware and other malicious content from website administrators.