- Ministry of Defence website goes down; National Informatics Centre denies ‘hacking’
The website of Ministry of Defence website went down yesterday and Chinese text appeared on the web page. According to the latest report the website has encountered an unexpected error. Please try again later” message was being flashed on the home page. However, National Informatics Centre (NIC) clarified that “Ministry of Defence website is not hacked. There is some technical issue since 2:30 PM. The data Centre is managed by the NIC, which also said there was no hacking of the sites. The Centre uses the Drupal open source content management platform as its front end while hosting the sites on its data centers located across the country. In fact, a March 28 security alert on the Drupal groups, the platform’s official developer forum, had flagged a “highly critical risk” on the earlier versions of the CMS platform. It said this vulnerability “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised”. It was not clear on which versions of Drupal the government sites were hosted.
Cyber Security Tips: To prevent your website from being hack you are strongly recommended that keep your web CMS up-to-date, keep your server secure and updated, check user provide input functionality, check for the vulnerabilities in your application, avoid running unnecessary services and keep using security peripheral to detect malicious activities.
- Remote Execution Flaw Threatens Apps Built Using Spring Framework — Patch Now
Spring Framework is a Java platform that provides comprehensive infrastructure support for developing Java applications. The security researchers have discovered three vulnerabilities in the Spring Development Framework, one of which is a critical remote code execution flaw that could allow remote attackers to execute arbitrary code against applications built with it. Three vulnerabilities (CVE-2018-1270), (CVE-2018-1271) and (CVE-2018-1272) discovered in Spring Framework versions 5.0 to 5.0.4, 4.3 to 4.3.14, and older unsupported versions. Vulnerable Spring Framework versions expose STOMP clients over WebSocket endpoints with an in-memory STOMP broker through the ‘spring-messaging’ module, which could allow an attacker to send a maliciously crafted message to the broker, leading to a remote code execution attack.
Cyber Security Tips: Developers and administrators are highly recommended to upgrade their software to the latest versions immediately.
- Finland’s 3rd Largest Data Breach Exposes 130,000 Users’ Plaintext Passwords
New day new data breach according to the report published by Hacker News Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki (“Helsingin Uusyrityskeskus”). Over 130,000 Finnish citizens have had their credentials compromised. Unknown attackers managed to hack the website (http://liiketoimintasuunnitelma.com) and stole over 130,000 users’ login usernames and passwords, which were stored on the site in plain-text without using any cryptographic hash. The incident has been reported to the Helsinki police, who is currently investigating the case as a gross fraud.
Cyber Security Tips: Users are strongly recommended that change their password as soon as possible, keep monitoring your account, if you used same credentials for different for your different account you are recommended to reset it. To prevent from such data breached you are recommended to keep your server secured with patches, use strong encryption to stored data.
- Shekhar Suman’s Facebook account hacked
Shekhar Suman is an Indian film actor, anchor, producer, director, and singer. According to the latest report the Shekhar Suman’s Facebook account was hacked on Friday evening and posted some nude pictures and objectionable material on my wall. The hack came into the picture when he started getting calls from some friends mentioning how someone must have hacked my account and posting some nude pictures and objectionable material on my wall. I will be reporting to the cyber-crime cell about it,” Shekhar told IANS. It not cleared yet how attacker took control over his Facebook account.
Cyber security Tips: To prevent your Facebook account from being hacked you are strongly recommended that keep your password strong, never keep your personal details on Facebook account, avoid connecting with unknown peoples, think before clicking on any links.