US government websites display pornography because of a flaw used by scammers

Several US government websites, with addresses ending in .gov and .mil, since 50, are displaying pornography or spam ads when accessed. A researcher who evaluated the case found that the cause is a flaw in software commonly used on these pages.

Zach Edwards, a security researcher, was able to trace the source of the problems to software provided by Laserfiche, a company contracted by the US government that offers digital solutions used by the FBI, CIA, US Treasury, military and various other US official bodies.

    The software used on the affected sites is Laserfiche Forms, which pages use to collect, process and route information from forms. The program has a vulnerability that allows unauthenticated users to upload files and have them served from the site, which lets them modify everything from advertisements to the layout of the page.

    Example of .gov sites displaying spam or malicious content. (Image: Screenshot/Dácio Augusto)

    In a statement to Motherboard, Edwards said that this flaw leads visitors to click on malicious links, exposing them to possible phishing scams. The researcher also said that he detected the vulnerability in more than 44 US government subdomains, including US senators' websites that displayed Viagra sales pages when accessed.

    Edwards shared a video demonstrating the failure in action:

    The same vulnerability is also used to redirect users to other websites, to inflate the number of visitors, and even to forcibly send people to pornographic pages.

    Laserfiche has released security update

    Laserfiche has released a security update for some versions of the affected software and promises a future fix for older editions of Laserfiche Forms, which are still widely used.

    The company also released a cleanup tool for websites that had files uploaded in unauthenticated ways. The solution can be downloaded here.

    Source: Motherboard, Bleeping Computer
