From: Reno Direct
Sent: Thursday, December 20, 2018 7:53 AM
Subject: Re: City of Reno - Hackers Swipe Card Numbers From Local Government Payment Portals (zdnet.com) 14
Thank you for contacting Reno Direct!
PO Box 1900
Reno, NV 89505
Check out our smartphone app for City of Reno on the Appstore and Google Play!
On Wed, Dec 19, 2018 at 5:52 PM Andy Flagg, Mountain Computers Inc <email@example.com> wrote:
Hi Reno Direct,
Please send this off to your IT department. I am sure they are already aware of it and whether or not the City of Reno, Sparks, and Washoe County are aware.
All the best!. Merry Christmas.
490 E 8th st.
Reno, NV 89512
A previously unknown hacker group is behind
a mounting number of breaches that have been reported by local governments
across the US. From a report: In a report published today, US cyber-security
vendor FireEye has revealed that this yet-to-be-identified hacker group has
been breaking into
Click2Gov servers and planting malware that stole payment card details.
Click2Gov is a popular self-hosted payments solution, a product of US software
supplier Superion. It is sold primarily to US local governments, and you can
find a Click2Gov server installed anywhere from small towns to large
metropolitan areas, where it's used to handle payments for utility bills,
permits, fines, and more.
FireEye says this new hacker group has been attacking Click2Gov portals for almost a year. The company's investigators believe hackers are using one or more vulnerabilities in one of Click2Gov's components --the Oracle WebLogic Java EE application server-- to gain a foothold and install a web shell named SJavaWebManage on hacked portals. Forensic evidence suggests the hackers are using this web shell to turn on Click2Gov's debug mode, which, in turn, starts logging payment transactions, card details included.
CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files or previous e-mail messages attached to it may contain confidential information that is also legally privileged. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in or attached to this transmission is prohibited. If you have received this transmission in error, please immediately notify the sender and immediately destroy the original transmission and its attachments without reading or saving in any manner. Thank you.
© 2019 myBlog™ v1.1 All rights reserved. We count views as reads, so let's not over think it.