Saturday, June 10, 2023
  • Shop
  • My Account
    • Cart
    • Checkout
  • Login
NewsDigitize
  • Home
  • News
    • Google
    • Apple
    • Facebook
    • Microsoft
      • Windows
    • WhatsApp
    • Yahoo
    • Flipkart
    • Intel
    • Nvidia
    • Alibaba
    • NASA
    • IBM
    • BlackBerry
    • Linux
    • Airtel
    • Amazon
  • Social
    • Social Media
    • Twitter
    • Facebook
  • Topic
    • Technology
    • Technology company
    • Android
    • Android App
    • App
    • Smart Phones
    • Router
    • WiFi
    • Electronics
    • Space
    • Virtualization
    • Gadget
    • SEO
    • Hacking
    • Robot
    • Transportation
    • Drones
  • Internet
  • Telecom
No Result
View All Result
Plugin Install : Cart Icon need WooCommerce plugin to be installed.
NewsDigitize
  • Home
  • News
    • Google
    • Apple
    • Facebook
    • Microsoft
      • Windows
    • WhatsApp
    • Yahoo
    • Flipkart
    • Intel
    • Nvidia
    • Alibaba
    • NASA
    • IBM
    • BlackBerry
    • Linux
    • Airtel
    • Amazon
  • Social
    • Social Media
    • Twitter
    • Facebook
  • Topic
    • Technology
    • Technology company
    • Android
    • Android App
    • App
    • Smart Phones
    • Router
    • WiFi
    • Electronics
    • Space
    • Virtualization
    • Gadget
    • SEO
    • Hacking
    • Robot
    • Transportation
    • Drones
  • Internet
  • Telecom
No Result
View All Result
Plugin Install : Cart Icon need WooCommerce plugin to be installed.
NewsDigitize
No Result
View All Result

Panama Papers hacked through PHP CMS WordPress

Chief Editor by Chief Editor
February 12, 2018
in Hacking
0 0
0
Home Hacking

The Panama Papers data breach, known as The Mossack Fonseca (MF) is one of the largest breach in history and includes 4.8 million emails. Tha Panama law company was hacked via a WordPress module called Revolution Slider. This plugin is used on more than 2 million websites. Because it’s so popular, there are lots of hacks that targer Revolution Slider.

What is Panama Papers?

The Panama Papers scandal has brought down the Prime Minister of Iceland and surrounded Russian President Putin and British Prime Minister David Cameron with controversy, among other famous public figures.

The data breach consists of 2.6 terabytes and 11.5 million documents. The #PanamaPapers database contain details about more than 200 000 offshore entities from all over the world. Tha breach consists of email accounts, passports copies, invoices, banking documents and of course, thousands of offshore registration acts.

This documents offer details about secret business of 128 politicians from all over the world. More than 11 million of documents demonstrates how a global industry, built from law firms and huge banks, sell secrets to politicians, fraudsters and drug traffickers, but also to billionaires and some celebrities.

How does this Cyber Attack did happened?

The Mossack Fonseca website is running WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server. After we inspected the home page source code, we realized that the current MF website uses an older version of Revolution Slider, they were using: 2.1.7. All versions of the Revolution Slider (Revslider) up to 3.0.95 are vulnerable to hacking attacks. For more details, see the image below:

ms-hacked-revslider

Also, according to their DNS results, the web server and the mail server were hosted on the same machine. More important is that they were hosting private and confidential information on their WordPress database. They weren’t using a Firewall, and there are lots of security companies nowadays.

So, a wordpress website using old version of plugins is a massive security risk. But I guess that Mossack Fonseca website administrators weren’t thinking that something like this could happen.

Conclusion

What everybody should learn from this data breach is that:

– you should always update your CMS (it’s not important what CMS you use, WordPress, Drupal or Joomla, it’s important to be up to date)
– if you host confidential data on your website, you must use a SSL certificate and you must be firewall and ddos protected (there are services like Cloudflare and Sucuri)
– check your website from time to time against new or changed files (it doesn’t matter what programming language is used, if someone changed your index or header/footer files, there are 99.9% chances to be hacked)
– check your database from time to time (there’s a database table used for storing user accounts, for example admins, if your website was hacked, there are chances to find new admin accounts)
– never trust inputs (validate all input fields)

ShareTweetShare
Chief Editor

Chief Editor

Next Post
IBM and Bluewolf launch new Salesforce practice in India

IBM and Bluewolf launch new Salesforce practice in India

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

  • Trending
  • Comments
  • Latest
Vodafone India says IoT becoming fastest growing segment for enterprise biz; mulling narrowband IoT network

Vodafone India says IoT becoming fastest growing segment for enterprise biz; mulling narrowband IoT network

April 16, 2018
What are the Basic Elements of a Fiber Optic Communication System?

What are the Basic Elements of a Fiber Optic Communication System?

April 4, 2018
Here’s how you can de-link your Facebook profile from Instagram

Here’s how you can de-link your Facebook profile from Instagram

February 25, 2022
Android Oreo: 18 advanced tips and tricks

Android Oreo: 18 advanced tips and tricks

March 19, 2018
Apple’s plan to put health records on your phone has huge implications for medicine

Apple’s plan to put health records on your phone has huge implications for medicine

6

The totaly amazing street art collection of 2016

5

Everything you ever need to know about flowers

4

Why you need an amazing photography collection

3
Google Pay enables Aadhaar-based authentication for UPI activation without using a debit card. Usage 

Google Pay enables Aadhaar-based authentication for UPI activation without using a debit card. Usage 

June 7, 2023
Logitech launches the MX Keys S keyboard and mouse combo. Check rates, facilities and availability

Logitech launches the MX Keys S keyboard and mouse combo. Check rates, facilities and availability

June 2, 2023
WhatsApp

WhatsApp Companion Mode for iPhone Now Rolling Out: How to Link Multiple iOS devices

May 31, 2023
Redmi K60 Ultra schematic leaks, hints at narrow bezels and punching display: detail 

Redmi K60 Ultra schematic leaks, hints at narrow bezels and punching display: detail 

May 27, 2023
NewsDigitize

Technological Advances

Newsguard, a global organisation that analyses news sources for certain journalistic standards, has given the newsdigitize website a GREEN rating for credibility and trustworthiness.

Footer Menu

  • HOME
  • NEWS
  • SOCIAL
  • TOPIC
  • INTERNET
  • TELECOM

Recent News

Google Pay enables Aadhaar-based authentication for UPI activation without using a debit card. Usage 

Google Pay enables Aadhaar-based authentication for UPI activation without using a debit card. Usage 

June 7, 2023
Logitech launches the MX Keys S keyboard and mouse combo. Check rates, facilities and availability

Logitech launches the MX Keys S keyboard and mouse combo. Check rates, facilities and availability

June 2, 2023

© 2022 All Rights Reserved newsdigitize.co.in.

No Result
View All Result
  • Home
  • News
    • Google
    • Apple
    • Facebook
    • Microsoft
      • Windows
    • WhatsApp
    • Yahoo
    • Flipkart
    • Intel
    • Nvidia
    • Alibaba
    • NASA
    • IBM
    • BlackBerry
    • Linux
    • Airtel
    • Amazon
  • Social
    • Social Media
    • Twitter
    • Facebook
  • Topic
    • Technology
    • Technology company
    • Android
    • Android App
    • App
    • Smart Phones
    • Router
    • WiFi
    • Electronics
    • Space
    • Virtualization
    • Gadget
    • SEO
    • Hacking
    • Robot
    • Transportation
    • Drones
  • Internet
  • Telecom

© 2022 All Rights Reserved newsdigitize.co.in.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In