BlackHat hacker CyberZiest claims to have used a zero-day flaw to hack into the FBI’s Content Management System (built by Plone). Plone released a statement calling the hack a ‘hoax’. However, CyberZiest has since tweeted a claim that they will release proof to support the breach. IT security expert from Barracuda Networks commented below.
Wieland Alge, VP & GM EMEA at Barracuda Networks:
“For many large organisations, CMS used to be an internal application that sat behind a well-defended perimeter. Over time, we’ve seen this perimeter weaken to the point where CMS is now a poorly-defended and therefore easily accessible application for hackers to exploit.
As with many business applications, a growing number of companies now run their CMS in cloud-based infrastructures. The more external platforms an organisation uses, the more IT surface they expose to potential hackers. The convenience of direct access to applications from different devices and locations is an attractive prospect, but this simplicity and ease of access has left gaping security holes.
Organisations must strike a balance between security and convenience. They need to perform regular patches and assessments to keep all of their attack surfaces – and their company – secure.”