- Hacker Breaks into Italian Government Website, 45,000 Users Exposed. From Softpedia.
Hacker Kapustkiy just managed to break into another government website, this time in Italy where the target was the Dipartimento della Funzione Pubblica.
Specifically, using a simple SQL injection, Kapustkiy got access to a database of no less than 45,000 users, including login credentials for services being handled by Italian cities.
Kapustkiy took to Pastebin to share part of the database, saying that he decided to leak only 9,000 of the entries in order to give time to the Italian authorities to fix the security flaw.
The worst thing, however, is that Italian officials have until now ignored the hacker’s emails. Kapustkiy told us that he had already contacted the site’s administrators to tell them about the breach, but all his messages received absolutely no response.
“I did not get any response from them. I hope that they will look in the database now after this breach and make their security better,” he told us.
We’ve also reached out to the Italian ministry to ask for more information about the hack, but at the time of publishing this article, an answer is not yet available – we will update the post if an official statement is provided.
- Epic’s forums hacked again, with thousands of logins stolen. From ZDNet. A hacker has stolen hundreds of thousands of forum accounts associated with Unreal Engine and its maker, Epic Games. More than 808,000 accounts were stolen in the attack — with more than half a million from Unreal Engine’s forums alone. Breach notification site LeakedSource.com, which obtained a copy of the database, said the attack was carried out August 11. The hacker, whose name isn’t known, exploited a known SQL injection vulnerability found in older vBulletin forum software, which allowed the hacker to get access to the full database.
- FDIC reports five ‘major incidents’ of cybersecurity breaches since fall. From Washington Post. The Federal Deposit Insurance Corp. (FDIC) on Monday retroactively reported to Congress that five additional “major incidents” of data breaches have occurred since Oct. 30. FDIC also is launching “a new initiative to enhance security.” The incidents involved the breach of taxpayers’ personally identifiable information, The Washington Post has learned. In each case, employees with legitimate access to the information were leaving the agency when they inadvertently downloaded the data along with personal files. The individuals involved provided affidavits saying the data was not shared.
- Leading by example: the federal CISO and cybersecurity collaboration. From FCW. In 2015, there were 781 known data breaches in the United States, according to the Identity Theft Resource Center, exposing a staggering 169 million records. Records described as government/military accounted for 20.2 percent of those that were exposed via data breach, while healthcare accounted for 66.7 percent of compromised records. And given that many organizations do not report data breaches for fear of damaging their reputations, we know the true numbers are significantly higher.
- Researcher arrested after reporting hole in elections site. From The Register. Vanguard Cybersecurity man David Levin was arrested after exploiting and disclosing SQL injection vulnerabilities that revealed admin credentials in the Lee County state elections website. The Florida Department of Law Enforcement says the 31-year-old Estero man hacked into the Lee County state elections website on 19 December. Levin faced three third-degree felony counts of property crime. Levin was released on a US$15,000 bond.