Sep 192018
 

RBS is doing a great job of tracking the Click2Gov breaches.  In their most recent update, they report:

It’s been three months since our original post was published and as feared, breaches of the Click2Gov system continue to be reported. Here is what we’ve learned:

  • Attackers are exploiting an unpatched vulnerability in Oracle’s WebLogic. Early on, we speculated whether the problem was with the Click2Gov application itself and whether it impacted the cloud-based version of the system. It has since come to light that only local installations are at risk. Attackers are gaining access to application servers due to a known vulnerability in WebLogic and escalating the attack from there.

Few other details about the attack methods have come to light. That said, one intriguing detail has remained consistent –  only one-time payments are at risk. Data for customers with auto-pay enabled has not been exposed. That does make us wonder if there is another weakness in play, perhaps associated with the form or page used to enter payment information.

  • Nine more incidents involving Click2Gov installations have come to light.

Read more on RBS.

And sure enough, there was another update to note:  FireEye issued an analysis and report.

Sorry, the comment form is closed at this time.