Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 28 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Subdivision of Chicago Tribune hit by Serbian hackers

by The Gurus
November 22, 2013
in Editor's News
Share on FacebookShare on Twitter

The Chicago Tribune was apparently hacked via a SQL Injection flaw in an old section of the website.

According to the Hacker News, the Serbian hacker group ‘TeslaTeam’ found a flaw in a Tribune subdomain which allowed them to breach the website’s database and exposed partial credentials. A pastebin post included links to a page that included the 2008 Illinois school report and 14 encrypted passwords.
A spokesperson for the Tribune group declined to comment. Robert Hansen, technical evangelist at Whitehat Security, said: “The attackers appear to have abused a parameter called ‘ID’ which passes unformatted user input straight into an SQL statement. It appears to allow the attacker to pull in content from the MySQL server and still appears to be vulnerable.
“This is a common mistake to make, unfortunately, and quite easy to fix. The Chicago Tribune is lucky that the attackers alerted them to the attack, it gives them an opportunity to fix their issues with relatively limited damage done. Not even reporters are immune to attack – but this is probably the attacker’s version of a public service announcement to reporters: fix your stuff.”
Research by Imperva found that the vulnerable system was outdated, and it suspected that this is also supported by the table names in the leaked data which contains only the 2008 report card.
Tal Be’ery, web security research team leader at Imperva, said: “However, even if the data within the database is not relevant, hackers can still use the SQL injection flaw for privilege escalation, content manipulation and to cause damage to the Chicago Tribune brand name: ‘Chicago Tribune got hacked’ headlines are bad for the business’ reputation.
“Therefore, it is very important to secure all internet facing applications, even if they are outdated as they provide a viable attack surface for attackers. A way to make sure that all web applications are secured is to put them behind a web application firewall, thus making sure that every application behind it is secured.”
FacebookTweetLinkedIn
ShareTweetShare
Previous Post

IBM set to bolster mobile management with acquisition of Fiberlink

Next Post

Scotland Yard plans to hire 400+ cyber staff questioned

Recent News

Blue Logo OUTPOST24

New Research Examines Traffers and the Business of Stolen Credentials

March 28, 2023

How to Succeed As a New Chief Information Security Officer (CISO)

March 28, 2023

The Importance of Data Security and Privacy for Individuals and Businesses in the Digital Age

March 28, 2023
penetration testing

Cymulate’s 2022 Cybersecurity Effectiveness Report reveals that organizations are leaving common attack paths exposed

March 28, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information