MTNCOMP | List View | Table View | myBlog (1767 Entries) |
From: Reno Direct
<renodirect@reno.gov>
Sent: Thursday, December 20, 2018 7:53 AM
To: andrewflagg@mountaincomputers.org
Subject: Re: City of Reno - Hackers Swipe Card Numbers From Local
Government Payment Portals (zdnet.com) 14
Done!
Thank you for contacting Reno Direct!
Amanda
Reno DIRECT
PO Box 1900
Reno, NV 89505
775-334-INFO (4636)
Check out our smartphone app for City of Reno on the Appstore and Google Play!
On Wed, Dec 19, 2018 at 5:52 PM Andy Flagg, Mountain Computers Inc <andrewflagg@mountaincomputers.org> wrote:
Hi Reno Direct,
Please send this off to your IT department. I am sure they are already aware of it and whether or not the City of Reno, Sparks, and Washoe County are aware.
All the best!. Merry Christmas.
Andy
775-287-9552
490 E 8th st.
Reno, NV 89512
security-woes
A previously unknown hacker group is behind
a mounting number of breaches that have been reported by local governments
across the US. From a report: In a report published today, US cyber-security
vendor FireEye has revealed that this yet-to-be-identified hacker group has
been breaking into
Click2Gov servers and planting malware that stole payment card details.
Click2Gov is a popular self-hosted payments solution, a product of US software
supplier Superion. It is sold primarily to US local governments, and you can
find a Click2Gov server installed anywhere from small towns to large
metropolitan areas, where it's used to handle payments for utility bills,
permits, fines, and more.
FireEye says this new hacker group has been attacking Click2Gov portals for
almost a year. The company's investigators believe hackers are using one or
more vulnerabilities in one of Click2Gov's components --the Oracle WebLogic
Java EE application server-- to gain a foothold and install a web shell named
SJavaWebManage on hacked portals. Forensic evidence suggests the hackers are
using this web shell to turn on Click2Gov's debug mode, which, in turn, starts
logging payment transactions, card details included.
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is also legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is prohibited. If you have received this transmission in error, please immediately notify the sender and immediately destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
© 2024 myBlog™ v1.1 All rights reserved. We count views as reads, so let's not over think it.