https://securityboulevard.com/2019/01/click2gov-breaches-show-the-power-of-zero-days/
blog article
Just about every organization, including the biggest of all—government at all levels—encourages you to pay your bills online. You know the pitch: It’s easy! It’s quick! It’s convenient! It saves paper! And, they also say, it’s safe and secure!

Except when it isn’t. Which has been on display for more than a year now, due to an apparently continuing breach of Click2Gov, an online bill-payment portal developed by Superion that allows users to pay for local government services such as utilities, building permits, and business licenses.

Click2Gov breaches continue post-patch

While at least one vulnerability has been patched since the company first acknowledged a breach in October 2017, a report released earlier this week by Gemini Advisory found that the breach is ongoing. The report said compromised credit card data now for sale in underground online marketplaces had “likely been stolen from local municipal services that license Click2Gov software.”

Gemini said it had found at least 46 compromised U.S. locations and one in Canada, some of those compromises as recent as this past month, adding that, “As of this writing 294,929 payment records were compromised, earning criminals at least $1.7 million.”