Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

The hacker Kapustkiy continues to target embassies and universities

The hacker Kapustkiy is back and breached another embassy and two universities. He leaked data on Pastebin. The security pentester who goes online with the moniker Kapustkiy continues to target organizations and embassies across the world. Recently he breached the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), while a few days ago the hacker and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in […]

The hacker Kapustkiy continues to target embassies and universities

The hacker Kapustkiy is back and breached another embassy and two universities. He leaked data on Pastebin.

The security pentester who goes online with the moniker Kapustkiy continues to target organizations and embassies across the world.

Recently he breached the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), while a few days ago the hacker and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and LibyaKapustkiy and his friend Kasimierz (@Kasimierz_).

The last victims of the hacker are two subdomains of Virginia University & Sub domain of University of Wisconsin (http://pastebin.com/i1wmM5D1 ) and another embassy, the Indian Embassy in New York (http://pastebin.com/Akm9x4dD )

He contacted me via Twitter to report the data breaches, in the case of the Indian Embassy in New York he explained to have leaked only a small portion of stolen data that doesn’t include US personnel.

“Hi, Its me Kaputski, A few weeks ago I breached several websites that were related to the Indian ShitEmbassy. So I thought they will fix all the vulnerables in there domains and also look at there other domains that maybe could have a simple ”SQLi” vulnerable. So guess what? they did not look at all and only fixed some of there domains SMH……….” wrote Kapustkiy.

“I’m tired to report all the errors that I find in there website that I decided to breach them, NOW FIX YOUR SECURITY FUCKING ADMINS! NOTE: There was also a table named ”Newyork_contact” which had 7000 entries. I didn’t leak that out of privacy of people. Also the table ”Newyork_registration” had also information like Address,City,zipcode,phone number” I only leaked this but it could be more.”.

The databases related to universities include users personal information such as names, login, passwords, phone and many other information of students and staff.

As you can see in same cases the passwords are stored in plain text.

kapustkiy-hacks-universities

Records belonging to the hacked embassy include also phone numbers, let me highlight once again that such kind of information is a precious commodity for nation-state hackers that intend to launch a spear phishing campaign against diplomats.

Kapustkiy explained to have leaked the data because the administrators of the targeted entities ignore his warning via email.

It is likely Kapustkiy exploited SQli injection flaws in the last string of data breaches.

Who is the next one?

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Kapustkiy , data breach)