
Three Italian universities hacked by LulzSec_ITA collective


The popular Italian hacktivist collective LulzSec ITA claimed via Twitter to have hacked three Italian universities.

The popular Italian hacktivist collective LulzSec ITA has announced via Twitter the hack of three Italian universities, highlighting the importance of cybersecurity for our society.

https://twitter.com/LulzSec_ITA/status/1225756499168899072

The hacktivists claim that, once hacked, the universities did not disclose the data breach and attempted to hide the incident, in violation of the European privacy law GDPR.

https://twitter.com/LulzSec_ITA/status/1226864422808965120

Below is a translation of the message published by the group.

"Dear student / teacher friends, after a few months today we decided to focus our attention on you too :)
We spent  searching holes in Italian universities (and not only, we remember that dozens of universities were hacked in 2011), to try to show you that security in the academic environment must be taken seriously since the university is the den of the excellent minds of our future.
If the concept of security does not start from our schools, how can we have a better ruling class than the current one? Since our previous attacks did not bring any sense of shame on your part, we decided to let you taste another round, until you are able to admit how ridiculous your security is.
Lulz!"

I reached out to the group for more information about their operation; they told me that the choice to attack the universities of Basilicata, Napoli and Rome3 was casual.

As for motivation, they confirmed to me that they have always had an interest in Italian education. They explained that 9 years after the first attacks against the universities, nothing has changed from a cybersecurity perspective.

Two weeks after the hack, one of the universities breached by the group, Uniparthenope, sent a data breach notification via email to the impacted students and teachers. LulzSec ITA told me that the notification attempted to downplay the incident, even though the hacktivists claim to have accessed data contained in 27 databases and to have compromised some portals used by the university.

The other two universities, “Università della Basilicata” and Roma3, have yet to notify their students about the incident.

How did LulzSec ITA hack the universities?

The hackers took the simplest route: a classic and very simple SQL Injection attack. This kind of attack can be launched automatically with very simple tools, and it can give attackers access to the target database.

It is embarrassing that universities could be hacked with such a simple technique. The hacktivists also told me that in some cases they were able to bypass login pages without knowing the username and password, simply by using SQL Injection strings.
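To show why a login page can be bypassed this way and how the flaw is closed, here is an added example (not code from the article or from any of the affected universities). The table layout, the account and every input value are constructed for illustration: the flawed login check pastes user input into the SQL text, while the corrected one uses a bound parameter and verifies a salted password hash.

```python
import hashlib
import hmac
import os
import sqlite3

def pw_hash(password, salt):
    # Salted, slow hash so stored credentials are not kept in plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data: one account in an in-memory database.
    # legacy_password exists only so the flawed query below can be shown.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, "
               "legacy_password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("alice", "s3cret-constructed", salt,
                pw_hash("s3cret-constructed", salt)))
    return db

def login_vulnerable(db, username, password):
    # Flawed pattern: input is concatenated into the SQL text, so quote
    # characters in the input change the structure of the WHERE clause.
    query = ("SELECT 1 FROM users WHERE username = '" + username +
             "' AND legacy_password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_hardened(db, username, password):
    # Bound parameter: the driver passes the value as data, never as SQL.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(pw_hash(password, salt), stored)

# Constructed input of the textbook kind; use it as a regression test case.
CRAFTED_USER = "' OR '1'='1' --"

def demo():
    db = make_db()
    return {
        "vulnerable_crafted": login_vulnerable(db, CRAFTED_USER, "x"),
        "hardened_crafted": login_hardened(db, CRAFTED_USER, "x"),
        "hardened_valid": login_hardened(db, "alice", "s3cret-constructed"),
    }

if __name__ == "__main__":
    print(demo())
```

With the concatenated query the crafted username turns the condition into one that is always true, so the check passes without any valid credentials; with the bound parameter the same input is only a username that does not exist.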


Pierluigi Paganini

(SecurityAffairs – LulzSec ITA, hacking)
