WordPress plugin Popup Builder compromised

Mar 13 2024


Welcome to Gone Phishing, your daily cybersecurity newsletter that wonders why the cybercriminals can’t do something useful like hack #EuroVision24 😂 Just kidding!! 🙈

Today’s hottest cybersecurity news stories:

  • 🔌 WordPress plugin Popup Builder compromised, 3,900+ sites infected 💉

  • 👨‍💻 Ransomware attack! EquiLend warns employees their data’s been had

  • 💸 $47M in cryptocurrency stolen via phishing attacks in February alone 📅

Popup the builder, can he fix it? Popup the builder, don’t you start 💀




🚨 WordPress Alert: Malware Campaign Exploits Popup Builder Plugin 🔒

🛡️ A new malware campaign is exploiting a critical vulnerability (CVE-2023-6000) in the Popup Builder plugin for WordPress, infecting over 3,900 sites in just three weeks.

Security researcher Puja Srivastava warns that attackers are leveraging newly registered domains to orchestrate these attacks, injecting malicious JavaScript code to redirect visitors to phishing and scam pages.

🔑 Site owners are urged to update their plugins promptly and conduct thorough scans for any suspicious code or unauthorised users. Vigilance is crucial to prevent further compromises.

⚠️ Meanwhile, another high-severity bug (CVE-2024-2123) has been disclosed in the Ultimate Member plugin, allowing attackers to inject arbitrary web scripts and potentially gain administrative access.

🚨 The importance of maintaining software patches and vigilance cannot be overstated in safeguarding WordPress sites against evolving cyber threats.

Stay informed, stay protected!



I thought they had Equilend-to-end encryption 😏

🚨 EquiLend Holdings Data Breach Alert

🔒 EquiLend Holdings, a prominent securities lending platform based in New York, has confirmed a data breach resulting from a ransomware attack in January. The attack forced EquiLend to take some systems offline on January 22, with LockBit ransomware claiming responsibility.

While EquiLend swiftly restored client-facing services, it has disclosed that employee data, including names, dates of birth, and Social Security numbers, was stolen in the breach. Despite no evidence of fraudulent activity yet, EquiLend is taking proactive steps by offering affected employees two years of free identity theft protection services through Identity Theft Guard Solutions (IDX).

🛡️ EquiLend, established in 2001 by leading global banks and broker-dealers, serves over 190 firms worldwide, including agency lending banks, hedge funds, and broker-dealers. Its Next Generation Trading (NGT) multi-asset securities trading platform facilitates transactions exceeding $2.4 trillion monthly.

💼 The incident highlights the ongoing importance of robust cybersecurity measures in safeguarding sensitive financial data, underscoring the need for continued vigilance in today’s digital landscape.


Phishing for cryptoments 😬

🚨 Beware of Cryptocurrency Phishing Scams on X 🎣

💰 Last month, cybercriminals orchestrated a surge in cryptocurrency phishing attacks, with victims collectively losing nearly $47 million. According to Scam Sniffer’s monthly report, over 57,000 individuals fell victim to these scams, primarily through impersonated accounts on X (formerly Twitter).

🎣 Fraudsters utilised fake X accounts, mimicking legitimate high-profile ones, to entice unsuspecting cryptocurrency holders. These accounts left comments on users’ posts, directing them to phishing sites where they were tricked into divulging sensitive information.

🔒 Ethereum mainnet bore the brunt of these attacks, with ERC20 tokens accounting for 78% of the total theft volume. Phishing signatures like Permit, IncreaseAllowance, and Uniswap Permit2 were commonly exploited to steal assets.
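
For the defenders out there, here is a wallet-side check for the approval-style requests named above (Permit, IncreaseAllowance, Uniswap Permit2). This is an added example, not code from Scam Sniffer or this newsletter; `classifyRequest` and its `trustedSpenders` allowlist are hypothetical names, and the sample requests are constructed.

```javascript
// Added example; sample requests below are constructed.
const RISKY_TYPES = new Map([
  ["Permit", "EIP-2612 Permit"],
  ["PermitSingle", "Uniswap Permit2"],
  ["PermitBatch", "Uniswap Permit2"],
  ["PermitTransferFrom", "Uniswap Permit2"],
  ["PermitBatchTransferFrom", "Uniswap Permit2"],
]);
// 4-byte selectors of ERC20 calls that grant a spender an allowance.
const RISKY_SELECTORS = new Map([
  ["0x39509351", "increaseAllowance(address,uint256)"],
  ["0x095ea7b3", "approve(address,uint256)"],
]);

// trustedSpenders is a hypothetical user-maintained allowlist.
function classifyRequest(req, trustedSpenders = []) {
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  const params = Array.isArray(req.params) ? req.params : [];
  let kind = null;
  let spender = null;
  if (String(req.method).startsWith("eth_signTypedData")) {
    // params = [signer, typedData]; typedData may arrive as a JSON string.
    let typed = params[1];
    if (typeof typed === "string") {
      try { typed = JSON.parse(typed); } catch { typed = null; }
    }
    if (typed && typeof typed === "object") {
      kind = RISKY_TYPES.get(typed.primaryType) || null;
      const s = typed.message && typed.message.spender;
      if (typeof s === "string") spender = s.toLowerCase();
    }
  } else if (req.method === "eth_sendTransaction") {
    const data = String((params[0] && params[0].data) || "").toLowerCase();
    kind = RISKY_SELECTORS.get(data.slice(0, 10)) || null;
    // First ABI word is the spender: address in the low 20 of 32 bytes.
    if (kind && data.length >= 74) spender = "0x" + data.slice(34, 74);
  }
  // An approval-style request is flagged unless its spender is allowlisted.
  const risky = kind !== null && !(spender !== null && trusted.has(spender));
  return { risky, kind, spender };
}

// Constructed samples (addresses are filler bytes, not real accounts).
const SPENDER = "0x" + "ab".repeat(20);
const permitRequest = { method: "eth_signTypedData_v4", params: ["0x" + "11".repeat(20),
  JSON.stringify({ primaryType: "Permit", message: { spender: SPENDER, value: "1000" } })] };
const allowanceTx = { method: "eth_sendTransaction", params: [{ to: "0x" + "22".repeat(20),
  data: "0x39509351" + SPENDER.slice(2).padStart(64, "0") + "f".repeat(64) }] };
console.log(classifyRequest(permitRequest), classifyRequest(allowanceTx));
```

A flagged request is a prompt to show the user who the spender is before they sign, not a verdict that the site is malicious.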

⚠️ Scam Sniffer cautioned that wallet drainer attacks are now leveraging “account abstraction” wallets, originally designed to enhance smart contract compatibility but manipulated by malicious actors.

💡 Despite the significant monetary losses, the number of victims losing over $1 million decreased by 75% compared to the previous month.

📱 Additionally, users were warned against a scam app on the Apple App Store purporting to be the Leather wallet. The legitimate developers emphasised that their app is not yet available on iOS and urged users to download only from their official website to avoid falling victim to crypto-drainer malware.


So long and thanks for reading all the phish!
