In this cursed year of the Coronavirus, many more hacks and computer attacks are being recorded than in previous ones. Cybercriminals take advantage of the current situation of uncertainty, the massive influx of Teleworking and any slightest flaw or loophole in a security program, exactly what has happened to the Generalitat of Catalonia.
Vulnerability in three websites of the Generalitat
Advanced by media such as Vozpópuli and confirmed directly to others, the Generalitat of Catalonia was exposing the private data of thousands of users via three of the Catalan Government’s web pages. And all for a computer security flaw in the form of vulnerability. A vulnerability that has exposed up to 5,000 emails and passwords of users who had registered in Government applications.
Discovered last week, no one knows how long the vulnerability had been exposing this data, but it could have been for months or even years. On November 19, the three affected websites were taken ‘offline’ to correct the problem, and those responsible for data protection contacted all the affected departments. But has anyone used that exposed data?
A vulnerability can be exploited, in fact cybercriminals sometimes do not have to hack, but only take advantage of ‘exploits’ or security holes in the services, apps or platforms they want to steal. The Generalitat is currently investigating whether the data of 5,000 users has been stolen and is being used to hack them, and “as of today, we cannot conclude that the existence of this vulnerability has led to a cybersecurity incident.”
But what exactly happened? According to the cybersecurity expert company Avast, it is a SQL Injection security flaw on which an investigation is being carried out. As Luis Corrons, Avast’s ‘Security Evangelist’ points out, SQL injection attacks are quite common, and “have been used in many attacks over the years. Companies like Sony, Yahoo or LinkedIn have been victims of this type of attack. attacks.
To prevent them, in addition to taking security measures, when configuring and programming the databases, it is essential to carry out periodic audits of the security…