United Nations, UK government sites are among the victims
Websense Security Labs yesterday reported a new JavaScript injection attack that has infected "hundreds of thousands" of Websites, including a United Nations site and some UK government sites.
Web users who browse the infected sites will unknowingly load a file that automatically attempts to serve up a concoction of eight different exploits designed to gain access to their computers and install information-stealing malware, Websense says in its report.
The mass attack appears to be from the same group of individuals who launched a similar "iFrame" attack a few weeks ago, which compromised thousands of Internet domains, including U.S. news and travel sites.
"The attackers have now switched over to a new domain as their hub for hosting the malicious payload in this attack," Websense says. "We have no doubt that the two attacks are related."
In the space of just a few hours yesterday, Websense said it saw the number of compromised sites increase by a factor of ten.
— Tim Wilson, Site Editor, Dark Reading
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024