State Bank of Patiala hacked and defaced by Pakistani Hacker

A Pakistani hacker with the online handle "Kai-H4xOrR" from PAKISTAN HAXORS CREW (PHC) has hacked into a State Bank of Patiala (SBP) sub-domain and managed to deface the website.

In the defacement page, the hacker stated that the security breach is payback "For Hacking Sui Gas Site".

"And Don't mess with Pakistan else you will lose both your Name and this Game Backoff Lamers from our cyber space. Everybody Knows whose cyber space is more vulnerable," the defacement message reads.

"You will hack 1, we will hack thousands," the hacker warned Indian hackers who deface Pakistani websites.

The hacker has uploaded his defacement here: "https://hindi.sbp.co.in/index.html". The main page and other pages are not affected by this defacement. At the time of writing, the website still displays the defacement.

Tunisian hacker 'Human Mind Cracker' discovered SQLi vulnerability in Tunisian Bank sites

XSS in Bank sites

A grey hat hacker with the online handle "Human Mind cracker" has discovered an SQL injection vulnerability in some Tunisian bank websites. The Central Bank of Tunisia (bct.gov.tn) and the Bank of Tunisia and the UAE (bte.com.tn) are vulnerable to SQLi.

In an email sent to EHN, the hacker provided us with the vulnerable link and the proof of concept (PoC). As he recommended that we not publish the vulnerable link, we are not providing it here.

According to the hacker, he reported the vulnerability to the banks, but they didn't fix it, so he hacked into the database.

He has published some database information compromised from the server, including the database name and a few usernames.

He has also discovered cross-site scripting (XSS) vulnerabilities in the Central Bank of Tunisia, atb.com.tn and Banque de Tunisie (bt.com.tn).

SQL injection is one of the most critical vulnerabilities, as an attacker can extract the entire database by exploiting it. Banks should really beef up their security measures, as cyber criminals mainly target financial institutions.