A UK Department for Transport (DfT) website was caught serving porn earlier today.
The particular DfT subdomain behind the mishap, on most days, provides vital DfT statistics for the public and the department’s business plan.
The UK DfT’s charts.dft.gov.uk website was seen serving porn today, as confirmed by BleepingComputer.
In the past, the Charts subdomain has provided business plan documents and important statistics on various DfT services such as numbers on public transport utilization, roadway accessibility times, and driving tests.
Although the site is no longer reachable, as of a few hours ago, visiting charts.dft.gov.uk paved the way for some racy traffic.
The mishap was first spotted by The Crow, which additionally observed that the entire dft.gov.uk domain was itself made to redirect to a WordPress plugin page, while the Department appeared to investigate the issue.
In our tests, BleepingComputer observed the official dft.gov.uk website led to a password-protected WordPress page living at: eu-hauliers.dft.gov.uk.
Although the exact cause of the Charts mini-site serving porn is not known, it appears the subdomain did have a CNAME DNS record pointing to an Amazon S3 instance.
The offending (NSFW) instance is still up at charts.dft.gov.uk.s3-website-eu-west-1.amazonaws.com, showing illicit content. Fortunately, charts.dft.gov.uk no longer leads there.
What remains unclear is whether this was simply a case of domain hijacking (that is, a dangling AWS S3 instance that the Charts site pointed to was claimed by a threat actor and made to serve adult content), or whether an attacker obtained enough access to DfT’s registrar’s systems to change the DNS entry for charts.dft.gov.uk.
The second scenario is more challenging to pull off and would raise some serious questions on how secure the DfT’s digital infrastructure is.
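The first scenario is something a DNS owner can audit for. The sketch below is an added example, not code from the article or from DfT: it scans a zone export for CNAME records that target S3 static-website endpoints and flags any hostname with no matching bucket in the organization's own inventory. The zone text, hostnames and bucket list are constructed sample data, and the function names are hypothetical.

```python
import re

# S3 static-website endpoints: <bucket>.s3-website-<region>.amazonaws.com
# (dash form, as in the article) or <bucket>.s3-website.<region>.amazonaws.com.
S3_WEBSITE = re.compile(
    r"^(?P<bucket>.+)\.s3-website[-.](?P<region>[a-z0-9-]+)\.amazonaws\.com$")

# Constructed sample data (not real DNS records or bucket names).
SAMPLE_ZONE = """\
; constructed sample zone export
www.example.test.     300 IN A     192.0.2.10
charts.example.test.  300 IN CNAME charts.example.test.s3-website-eu-west-1.amazonaws.com.
docs.example.test.    300 IN CNAME docs.example.test.s3-website.eu-central-1.amazonaws.com.
blog.example.test.    300 IN CNAME hosting.example.net.
"""
OWNED_BUCKETS = {"docs.example.test"}  # assumed inventory of the org's buckets

def parse_cnames(zone_text):
    """Yield (name, target) for each CNAME line of a simplified zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, tokenize
        if "CNAME" in fields:
            i = fields.index("CNAME")
            if i >= 1 and i + 1 < len(fields):
                yield (fields[0].rstrip(".").lower(),
                       fields[i + 1].rstrip(".").lower())

def audit(zone_text, owned_buckets):
    """Return (hostname, target_bucket, region, status) per S3 website CNAME."""
    owned = {b.lower() for b in owned_buckets}
    findings = []
    for name, target in parse_cnames(zone_text):
        m = S3_WEBSITE.match(target)
        if not m:
            continue                              # not an S3 website endpoint
        bucket = m.group("bucket")
        # S3 website endpoints choose the bucket from the HTTP Host header,
        # so the bucket that must be owned is the one named after the hostname.
        if name not in owned:
            status = "DANGLING"    # whoever creates this bucket serves the site
        elif bucket != name:
            status = "MISMATCH"    # record names a bucket that is never served
        else:
            status = "OK"
        findings.append((name, bucket, m.group("region"), status))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ZONE, OWNED_BUCKETS):
        print(*finding)
```

A `DANGLING` result is resolved either by deleting the CNAME record or by re-creating the bucket under the organization's own account.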
“A disused, dormant page of the Department for Transport’s Gov.uk website has been used,” a DfT spokesperson told BleepingComputer.
“No information or data has been lost or compromised. The website address has since been permanently deleted.”
This isn’t the first time a government website was caught serving explicit content either.
In September this year, U.S. government websites were spammed with Viagra ads and adult content after attackers exploited a vulnerability in the Laserfiche Forms software product, used by multiple government sites.
In July, visitors to major news sites including The Washington Post and HuffPost saw the embedded videos in news stories replaced with porn after the vid.me domain was acquired by a third party. 
Access to the main DfT website, dft.gov.uk, has since been restored. But, as stated, the sysadmins have pulled the plug on charts.dft.gov.uk altogether, and it is no longer accessible.
Update, Nov 26th 01:25 ET: Added DfT statement.