FBI Hacked, Again! Hacker Leaks Data After Agency Failed to Patch Its Site

FBI Hacked, Again! Hacker Leaks Data After Agency Failed to Patch Its Site


fbi-website-hacked
It seems like the FBI has been hacked, once again!

A hacker, using Twitter handle CyberZeist, has claimed to have hacked the FBI's website (fbi.gov) and leaked personal account information of several FBI agents publically.

CyberZeist had initially exposed the flaw on 22 December, giving the FBI time to patch the vulnerability in its website's code before making the data public.

The hacker exploited a zero-day vulnerability in the Plone CMS, an Open Source Content Management software used by FBI to host its website, and leaked personal data of 155 FBI officials to Pastebin, including their names, passwords, and email accounts.

CyberZeist tweeted multiple screenshots as proof of his claims, showing his unauthorized access to server and database files using a zero-day local file inclusion type vulnerability affecting its python plugins.

Hacker also found that the FBI's website is hosted on a virtual machine running a customized older version of the open-source FreeBSD operating system.
FBI Hacked, Again! Hacker Leaks Data After Agency Failed to Patch Its Site
According to another tweet, the Plone CMS zero-day exploit is up for sale on an unnamed dark web marketplace.

Not Just FBI, All Sites Using Plone CMS are Vulnerable


The Plone CMS is considered to be one of the most secure CMSes available today and is used by many major websites like Google, and major United States agencies including the FBI and the CIA.

CyberZeist also warned other agencies, including the European Union Agency for Network and Information Security, Intellectual Property Rights Coordination Center, and Amnesty International, which are currently using the Plone CMS that they too are vulnerable to a similar attack.

The hacker also claimed the FBI officials contacted him and requested a copy of the stolen credentials, which they declined to provide.

The FBI authorities have yet to respond to the claims.

This is not the first time CyberZeist claimed to have hacked the FBI website. In 2011, the hacker breached the FBI website as a member of the infamous hacker collective known as "Anonymous."

Comments

Post a Comment

Popular posts from this blog

Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack

Image
All Android Phones Vulnerable to Extremely Dangerous Full Device Takeover Attack Researchers have discovered a new attack, dubbed 'Cloak and Dagger', that works against all versions of Android, up to version 7.1.2. Cloak and Dagger attack allows hackers to silently take full control of your device and steal private data, including keystrokes, chats, device PIN, online account passwords, OTP passcode, and contacts. What's interesting about Cloak and Dagger attack? The attack doesn't exploit any vulnerability in Android ecosystem; instead, it abuses a pair of legitimate app permissions that is being widely used in popular applications to access certain features on an Android device. Researchers at Georgia Institute of Technology have discovered this attack, who successfully performed it on 20 people and none of them were able to detect any malicious activity. Cloak and Dagger attacks utilise two basic Android permissions: SYSTEM_ALERT_WINDOW ("draw on top") BIND
Read more

Smart TVs Can Be Hacked Remotely Using Broadcasting Signals

Image
Smart TVs Can Be Hacked Remotely Using Broadcasting Signals The Internet-connected devices are growing at an exponential rate, and so are threats to them. Due to the insecure implementation, a majority of Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Security Cameras, and printers, are routinely being hacked and used as weapons in cyber attacks. We have seen IoT botnets like  Mirai  – possibly the biggest IoT-based malware threat that emerged late last year and caused vast internet outage by launching massive DDoS attacks against DynDNS provider – which proves how easy it is to hack these connected devices. N ow, a security researcher is warning of another IoT threat involving Smart TVs that could allow hackers to take complete control of a wide range of Smart TVs at once without having any physical access to any of them. Researcher Shows Live Hacking Demonstration The proof-of-concept exploit for the attack, developed by Rafael Scheel of cyber s
Read more

Google Adds New Scanner Behavior-Based Malware To Every Android Device

Image
Google Adds New Scanner  Behavior-Based Malware To Every Android Device In order to keep its billions of users safe, Google has introduced another security defense for its Android devices, called  Google Play Protect . Google Play Protect, which is part of the Google Play Store app, uses machine learning and app usage analysis to weed out the dangerous and malicious apps, which have always been albatross around the tech giant's neck. Since Google Play Protect actually comes with the Google Play Store, users do not need to install or activate this security feature separately. Google Play Protect for Android devices consists: App scanning Anti-Theft Measures Browser Protection Play Protect's App Scanning Feature Google Play Protect is an always-on service on devices which said to scan 50 billion apps each day across a billion Android devices to ensure they are safe. Google already has a number of security measures in place to help keep your smartphones safe, including Verify Apps
Read more