This week we published an article about the on going attacks on Cambridge university mainly led by #nullcrew hackers but has since been a reason for other hackers to start having a ago at the university network. The most recent attacks come from twitter user @Timoxeline who is apart of Nullcrew and the attacks come in the form of some xss vulnerabilities as well as a proof of concept to the attack as well as showing that they still have injectable SQL within the system . As well as this they have claimed to embed and infect 200 victims with drive by malware from the attack on the Cambridge sites.
These vulnerabilities have been exclusively exploited and manipulated. Details: SQL Injection => DB Dumped (Only 40% data have been posted for special purposes) XSS => Successfully infected 200 victims by using spoofing link into downloading my malware Other vulns contain confidential data which will also be released anytime soon. Your security is a disgrace. You were warned. This report will be released to the public due to your non-cooperative behavior.;
The sql injection has a message which states that any data will be dumped once the operation has finished, https://pastebin.com/3nB5c3We