advertisement

CABS website gets hacked

advertisement
CABS Website Hacking

We just got a tip that the Central African Building Society (CABS) website www.cabs.co.zw has been hacked. Visiting the website right now loads the screen we have captured here:

advertisement

CABS Website Hacking

 

advertisement

CABS is Zimbabwe’s largest mortgage lender. The building society is a subsidiary of Old Mutual Zimbabwe, Zimbabwe’s largest life assurance organisation.

So far it looks that the hacking is basically the defacing of their website and not likely any deeper than that in terms of the payload. Our checks show the website uses the Joomla content management system.

We are told CABS has been notified and they are in the process of rectifying the problem, which apparently involves moving hosts and activating and even changing sites.


Quick NetOne, Telecel, Africom, And Econet Airtime Recharge

If anything goes wrong, click here to enter your query.


WhatsApp Discussions

Click to join a Techzim WhatsApp group:
https://chat.whatsapp.com/DOJlKDosfy79t2g9qfh18I

If you find the group full, please notify us on +263 715 071 199 and we'll update the link.


13 thoughts on “CABS website gets hacked

  1. thats the unfortunate side effect of not updating joomla when security updates are released and making sure that other methods of entry weren’t locked down – i feel sorry for there IT department right now

  2. Hi Soul and TechZimFellas;

    The site was exploited due to a universal weakness in Joomla & WordPress. So all of you who use this platform should take up a proactive approach and patch/upgrade to the latest version as soon as possible. Also if you have host IDS or network IPS turn them on to check for suspicious traffic:

    Details of the exploit are available here:

    http://net-security.org/malware_news.php?id=2356

  3. Most Joomla 1.5.xx sites hosted by local hosting companies are being “hacked”. Not sure whether it’s a Joomla issue or a hosting issue. CABS would be wise to upgrade to Joomla 2.5.

    1. Not sure if you are correlating hacks happening because they are both 1.5 and locally hosted. The two would be mutually exclusive unless you are stating your suspicions that the hacker is specifically targetting local sites running J! 1.5. In which case I’ve just wasted text and time… 😀

      And true, if you are running J1.5, migrate to 2.5 ASAP. Joomla reached end of life in April. The last .26 patch(September), is most likely…eh… THE LAST. If one’s site is heavily dependent on, say, a bunch of 1.5 extensions then you will have to go through all the extensions’ code testing & fixing vulnerabilities. Its just a timebomb…migrate! I have a client with a 1.5 site and I know I have tonnes of work to do.

  4. Here is the really scary thing… they got a brand new site only a couple of weeks ago. The one showing at the moment is their old one we have been seeing for years, but a couple of weeks ago I noticed that they had a new look and feel, I think it was developed by Cyberplex or at least thats what it had at the bottom.

    1. I think its a good thing that they reverted to the old version due to the incident on the new one. Its actually standard practice.

      1. I meant it was scary that a brand new site was hacked not even a month later. Hard to blame old unpatched code.

  5. If devs don’t want to bother with the undelying CMS security issues (or don’t know how), they should stick to static site generators like Jekyl. Or even build using WP/Joomla and use the many plugins available for the CMSes that export the whole site as a static one. Then if there’s to be anything dynamic it should be from a read-only JSON endpoint o something.

Comments are closed.