Quantcast
Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

FBI Hacker Says Breach Is Real, Promises Further Leaks

0
0

The FBI hack saga continues, this time with statements released by CyberZeist, the one behind the breach who claims to have accessed FBI’s content management system to steal some logins .

In statements released today, CyberZeist says the FBI hack is 100 percent real, pointing out that more information about the zero-day that he used to compromise the system would be shared in the coming days, as the vulnerability is currently on sale on the black market.

“I cannot disclose the 0day vector myself unless this exploit is not being actively sold or is rendered obsolete. Thus I will release the 0day myself via twitter and few selected security news portals once this 0day is not on sale or is rendered obsolete,” he said.

“So please wait for few days, once this 0day is obsolete, I will release the 0day as a proof of validity. I cannot break the negotiation code and release the 0day myself at this point as the vendor shared the 0day in exchange of my real identity as a token while handing the 0day vector to me.”

Plone: This is just a hoax

On the other hand, Plone, which is the company that developed the content management system, says the hack is just a hoax , explaining that CyberZeist is trying to use a high-profile site such as the FBI in order to advertise a fake exploit that he sells online.

CyberZeist hasn’t commented on this specific claim, but says that his goal has nothing to do with making money out of selling exploit. The hack happened “purely out of my own imagination and I am not influenced by any organization.”

For the moment, the FBI remains tight-lipped on anything related to this alleged hack, so the only thing we have right now is CyberZeist’s claims and Plone’s statements trying to debunk the breach.

Time will tell if the hack was real or not, as CyberZeist promised to disclose the zero-day vulnerability in the coming days. For what it’s worth, Plone says its CMS is fully secure and there is no known zero-day in the software.


Viewing all articles
Browse latest Browse all 12749