Hackers deface old UTS system, dump user database

[security curmudgeon <jericho () attrition org>]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>

http://www.zdnet.com/au/hackers-deface-old-uts-system-dump-user-database-7000004694/

By Michael Lee
ZDNet
September 24, 2012

One of the subdomains for the University of Technology, Sydney (UTS) fell 
victim to an attack over the weekend, with hackers, going by the names 
Apollo and 0day, defacing the sub-site and dumping user information.

The two hackers left a message for the system administrators, telling them 
to fix their security and to "hire some staff who actually know what they 
are doing."

They also claimed to have deleted everything on the server as a lesson and 
dumped the contents of a database.

UTS confirmed the breach, stating that the server was used to publish news 
to the UTS website and its IT staff detected it on Saturday morning at 
7:45 a.m. AEST. The main UTS website was not affected.

"The affected machine was locked down, and service restored by 9 a.m. on 
Sunday," UTS said in a statement.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.