Several government websites in Malaysia, including those of the Health Ministry, the Malaysia Co-operative Societies Commission, the Handicraft Development Corporation, and the Women’s Development Department, have been compromised due to a security vulnerability. The National Cyber Security Agency has identified a flaw in a content editing extension of the Joomla content management system, which allowed unauthorized access. This vulnerability enables remote attackers to create fake CMS editor profiles to upload and execute arbitrary PHP code, potentially leading to data theft, defacement, and complete control over the affected web servers. The integrity, confidentiality, and availability of the compromised websites and their data are at risk. Affected entities are advised to report incidents to the National Cyber Coordination and Command Centre and update to the latest Joomla Content Editor versions. The Health Ministry’s website was recently targeted by a group named Mushr00w and was inaccessible at the time of reporting.
Were government websites, including Health Ministry’s, hacked and need urgent patching?
