A widespread exploitation campaign is targeting content management systems (CMS) and their plugins globally, with numerous Australian businesses already impacted. The Australian Cyber Security Centre (ACSC) has issued an alert detailing how threat actors are deploying webshells on compromised websites, leading to potential service disruptions, data theft, and further network infiltration, according to a recent report by Bleeping Computer.The ACSC reports that malicious actors are actively scanning websites for vulnerabilities in various CMS platforms and plugins, including WordPress, Craft CMS, MaxSite CMS, MetInfo CMS, and Joomla JCE. Exploited vulnerabilities are linked to specific plugins such as Simple File List, WavePlayer, Ninja Forms, and Craft CMS, among others. These exploits allow for the deployment of webshells, which grant persistent access for attackers to disrupt services, steal credentials, and deploy additional malware. The campaign may be accelerated by AI, enabling threat actors to scale their attacks more effectively.Website administrators are strongly advised to apply the latest security updates for all CMS components, remove unused plugins, enable automatic updates, and implement stricter security measures like read-only directories and monitoring for unauthorized file creation.Source: Bleeping Computer
Threat Intelligence
Australian businesses targeted in global content management system exploitation campaign

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



