WordPress configuration information and database login details were posted online. Hacker group NullCrew recently claimed to have breached the Department of Homeland Security's Study in the States Web site, which provides information on educational opportunities in the U.S. for international students.
"The hackers have published WordPress configuration details, along with other server information and even database login credentials," writes Softpedia's Eduard Kovacs. "They’ve also revealed the exact location of the vulnerability that has allowed them to gain access to the site."
"Considering the DHS is meant to specialize in security, [you have to] wonder why they are using what is clearly [an] exploitable older version of WordPress," Cyber War News reports.
Sophos' Paul Ducklin says this should serve as a reminder to be sure you're updated with the latest security fixes for all back-end components you use, consider running a Web Application Firewall (WAF), and perform regular penetration tests against your own Web properties. "It's not a matter of if, or even of when, you might get attacked," he writes. "If you're inviting inbound Web requests, you're already under attack!"
No comments:
Post a Comment