Security
  • Menu
  • All Tips
  • FAQs
  • Categories
  • Guidelines
  • Data Security Support
  • Tools
  • Have I Been Pwned?
  • Pwned Passwords
  • Email Checker
  • Password Generator
  • My IP
  • Privacy
DATA PRIVACY NOTICE AND CONSENT FORM

Cloudstaff is committed to protecting the privacy of its data subjects, and ensuring the safety and security of personal data under its control and custody. This policy provides information on what personal data is gathered by Cloudstaff Security Tips about its current, past, and prospective employees; how it will use and process this; how it will keep this secure; and how it will dispose of it when it is no longer needed. This information is provided in compliance with the Philippine Republic Act No. 10173, also known as, the Data Privacy Act of 2012 (DPA) and its Implementing Rules and Regulations (DPA-IRR). It sets out Cloudstaffs’ data protection practices designed to safeguard the personal data of individuals it deals with, and also to inform such individuals of their rights under the Act.

The personal data obtained from this application is entered and stored within the Cloudstaff system and will only be accessed by the Cloudstaff’s authorized personnel. Cloudstaff have instituted appropriate organizational, technical and cloud security measures (Amazon Web Services Shared Responsibility) to ensure the protection of the users personal data.

Information collected will be automatically deleted after three (3) years inactivity.

Furthermore, the information collected and stored in the application are as follows:
  • Given Name
  • Family Name
  • Avatar [Profile Picture]

USER CONSENT

I have read the Data Privacy Statement and expressed my consent for Cloudstaff to collect, record, organize, update or modify, retrieve, consult, use, consolidate, block, erase or destruct my personal data as part of my information.

I hereby affirm my right to be informed, object to processing, access and rectify, suspend or withdraw my personal data, and be indemnified in case of damages pursuant to the provisions of the Republic Act No. 10173 of the Philippines, Data Privacy Act of 2012 and its corresponding Implementing Rules and Regulations.

If you want to exercise any of your rights, or if you have any questions about how we process your personal data, please contact Cloudstaff’s Data Protection Officer, through the following channel:

Email to privacy@cloudstaff.com

  • Log in Now
WordPress Vulnerability Exploited: Balada Injector Strikes 7,100 Websites via Plugin Weakness

Thousands of WordPress websites, utilizing an insecure version of the Popup Builder plugin, have fallen victim to a malware named Balada Injector. Discovered by Doctor Web in January 2023, the attack operates through periodic waves exploiting vulnerabilities in WordPress plugins. These attacks insert backdoors designed to redirect visitors to deceptive tech support pages, fake lottery winnings, and push notification scams. Sucuri's subsequent investigations revealed the extensive nature of the operation, active since 2017 and infiltrating over 1 million sites. Identified on December 13, 2023, Sucuri detected Balada Injector activities on more than 7,100 sites, leveraging a high-severity flaw (CVE-2023-6000, CVSS score: 8.8) in Popup Builder, a plugin with 200,000+ active installs. WPScan disclosed the vulnerability a day earlier, and the issue was addressed in version 4.2.3.

When successfully exploited, the vulnerability allows attackers to perform actions within the target site that the logged-in administrator can do, including installing arbitrary plugins and creating rogue Administrator users, as highlighted by WPScan researcher Marc Montpas. The campaign's ultimate aim is to implant a malicious JavaScript file hosted on specialcraftbox[.]com, enabling control of the website for malicious redirects. Balada Injector's operators establish persistent control by uploading backdoors, adding malicious plugins, and creating rogue blog administrators. JavaScript injections specifically target logged-in site administrators, utilizing their browser cookies to emulate administrator activity.

Sucuri researcher Denis Sinegubko noted that when blog administrators log in, their browser contains cookies allowing administrative tasks without repeated authentication. The new Balada Injector wave, detected if logged-in admin cookies are present, exploits elevated privileges to install a rogue backdoor plugin ("wp-felody.php" or "Wp Felody"). This facilitates fetching a second-stage payload from the specified domain, saved as "sasas" in the temporary files directory, executed, and subsequently deleted. The payload scans directories up to three levels above the current one, modifying the wp-blog-header.php file in detected site root directories to inject the same Balada JavaScript malware as initially inserted via the Popup Builder vulnerability.

Source: https://thehackernews.com/2024/01/balada-injector-infects-over-7100.html

Caitlin Joyce (CaitlinG) Galanza | News
Created: January 15 2024 | Updated: on 1/15/24
Comments

diannede@cloudstaff.com
diannede@cloudstaff.com

January 17, 2024 12:09 (on 1/17/24)

  2021 © Mazer

Security Tips v2.0.1 | Crafted with by Saugi