The Core

Why We Are Here => Web Development => Topic started by: rcjordan on February 28, 2024, 09:24:59 PM

Title: Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning
Post by: rcjordan on February 28, 2024, 09:24:59 PM

https://www.bleepingcomputer.com/news/security/hackers-exploit-14-year-old-cms-editor-on-govt-edu-sites-for-seo-poisoning/

Title: Re: Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning
Post by: ergophobe on February 28, 2024, 10:50:24 PM

FCKEditor in 2024? Seriously people?

OTOH… this is another reason why a lot of blog platforms now don’t include commenting. Complex systems will have holes and allowing non-authenticated users to enter stuff on your website multiplies the exploit threat a hundred fold.

https://xkcd.com/327/

Title: Re: Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning
Post by: rcjordan on February 28, 2024, 11:06:55 PM

related:

Our online pharmacies and medical providers are learning about Little Bobby Tables. So far this year, I've been notified by 3 systems that they've been hacked and patient info was taken.

Debbie says that they've all probably been hacked and info stolen in the past but new fed regulations now make them notify.

(All of my credit bureau accounts have been frozen for a decade or more.)