Google News fooled and spammed by a hacked Hyderabad govt. website

Share This Post

[ad_1]

The hackers seem to have exploited a vulnerability in the Hyderabad Metropolitan Water Supply and Sewerage Board (HMWSS) website, ‘hyderabadwater.gov.in.’ [File]

The hackers seem to have exploited a vulnerability in the Hyderabad Metropolitan Water Supply and Sewerage Board (HMWSS) website, ‘hyderabadwater.gov.in.’ [File]
| Photo Credit: Google News

Google News algorithm was fooled and spammed on Friday (November 8, 2024) by a hacked Telangana government website. The hackers seem to have exploited a vulnerability in the Hyderabad Metropolitan Water Supply and Sewerage Board (HMWSSB) website, ‘hyderabadwater.gov.in.’ The website is used by Hyderabad residents to pay their water bills online.

It is unclear when the hack itself happened, but promotional links on betting, online rummy, and casinos began trending up on Google News under the latest news tab in the technology section earlier today. With an exception of one sub-section that highlighted Garena Free Fire MAX redeem codes, most other links were from HMWSSB, promoting gambling. The links were redirecting users to an online betting platform, betwww20.com.

This type of attack occurs when a hacker exploits vulnerabilities in a website’s database query system by injecting malicious SQL code

This type of attack occurs when a hacker exploits vulnerabilities in a website’s database query system by injecting malicious SQL code
| Photo Credit:
Google News

The hack reveals the vulnerability in both HMWSSB’s website and Google News’s algorithm. While the method of the attack could not be verified, it looks like a Structured Query Language Injection (SQLi) attack — a common website hacking technique.

This type of attack occurs when a hacker exploits vulnerabilities in a website’s database query system by injecting malicious SQL code into web forms, URL parameters, or other input fields. This is possible when the website fails to properly validate or sanitise user input before using it in SQL queries.

The spam links were redirecting users to an online betting platform, betwww20.com.

The spam links were redirecting users to an online betting platform, betwww20.com.
| Photo Credit:
Google News

SQLi can be used to delete or modify information in the database, or to extract sensitive data like usernames, passwords, and credit card details. Attackers could also inject malicious code to further compromise the website or server.

Hackers often use automated tools to scan and attack large numbers of websites. These tools can try different variations of SQL injection payloads on forms, URLs, and other input fields until they find one that works.

[ad_2]

Source link

spot_img

Related Posts

Soft Play Bus Essex – Mobile Party Venue on Wheels

In the world of children’s entertainment, creativity and convenience...

Little Glam Queens Rejoice: Pamper Bus Parties Are Here to Wow

A Mobile Spa Experience Designed for Kids’ DelightFor young...

How to Enjoy Grace Bay Turks and Caicos Luxury Without Breaking the Bank

Introduction: Paradise on a BudgetGrace Bay Turks and Caicos...

WitchSpin Casino’s Magical Theme: A Unique Gaming Experience

Online casinos today are not just about winning money....

Norwegian Tourists’ Favorite Online Gaming Destinations for Vacation

As the world becomes increasingly interconnected, many Norwegian tourists...

Non-Disclosure Agreement for Franchise Opportunity Discussions

When discussing franchise opportunities, both the franchisor and potential...
spot_img