An Interest In:
Web News this Week
- April 26, 2024
- April 25, 2024
- April 24, 2024
- April 23, 2024
- April 22, 2024
- April 21, 2024
- April 20, 2024
January 6, 2020 08:20 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/10E-cH4YVp4/unpatched-us-government-website-gets-pwned-by-pro-iran-script-kiddie
Unpatched US Government Website Gets Pwned By Pro-Iran Script Kiddie
An anonymous reader quotes a report from Ars Technica: On the heels of the killing of Iranian Revolutionary Guard Corps General Qassem Soleimani by a U.S. MQ-9 Reaper strike on January 2, the U.S. Department of Homeland Security warned of potential cyberattacks against critical infrastructure by Iran. That warning probably didn't apply to the website of the Federal Deposit Library Program, operated by the U.S. Government Printing Office -- which was defaced on January 4 with a pro-Iranian message and an image of a bloodied President Donald Trump being punched by an Iranian fist. The FDLP website is no stranger to defacement attacks. As a brief analysis of the attack by a security researcher with the Twitter username @sshell_ noted, the site has been defaced twice in the last 10 years -- most recently in 2014, when it was replaced with an electronic dance music video featuring a dancing cat. Based on a fingerprint of the site's files, the site -- based on the Joomla content management system -- had not had its code updated since 2012. And the site had modules that used a version of Joomla's RSForm that had been flagged 11 months ago as being vulnerable to a SQL Injection attack. While the image depicting Trump had no metadata attached to it, another image with text had Exchangeable Image File Format (EXIF) data indicating it had been created with Adobe Photoshop CS 6 for Windows in 2015. As sshell_ noted, the image was used in a defacement reported to the "cybercrime archive" Zone-H by a user identifying themselves as IRAN-CYBER on December 2, 2015. A DHS spokesperson for the Cybersecurity and Infrastructure Security Agency (CISA) said that "there is no confirmation that this was the action of Iranian state-sponsored actors."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/10E-cH4YVp4/unpatched-us-government-website-gets-pwned-by-pro-iran-script-kiddie
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot