IT Security Newsletter

IT Security Newsletter - 6/2/2020

Written by Cadre | Tue, Jun 2, 2020

Joomla data breach leaks 2,700 user records via exposed backups

A Joomla database leak has exposed the personal information, including hashed passwords, of 2,700 individuals registered on the Joomla Resources Directory (JRD). The JRD allows users to find registered service providers to assist in project management, design, and technical support for Joomla. Joomla disclosed the leak in a security advisory published last week.

Minneapolis Police Department Hack Likely Fake, Says Researcher

As protests continue to proliferate across the globe in the wake of George Floyd's death, the Minnesota Police Department is making news for something else: A supposed hack, perpetrated at the hands of the Anonymous hacktivist group. According to Troy Hunt at Have I Been Pwned (HIBP), the group of allegedly ill-gotten email addresses and passwords has been circulating in multiple forums, with most of them attributing the credential leak to Anonymous.

Hacker posts database stolen from Dark Net free hosting provider DH

In March, some 7,600 dark-web sites - about a third of all dark-web portals - were obliterated in an attack on Daniel's Hosting (DH), the most popular provider of .onion free hosting services. Its portal was breached, its database was stolen, and its servers were wiped. That was punch one. Punch two landed on Sunday, when a hacker going by the name KingNull or @null uploaded a copy of DH's stolen database to a file-hosting portal and then gave ZDNet a heads-up about the leak.

Apple fixes bug that could have given hackers full access to user accounts

Sign in with Apple, a privacy-enhancing tool that lets users log in to third-party apps without revealing their email addresses, just fixed a bug that made it possible for attackers to gain unauthorized access to those same accounts. "In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn't implement their own additional security measures," app developer Bhavuk Jain wrote on Sunday.

26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation

Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors. Newly discovered vulnerabilities in Internet of Things (IoT) components could expose a range of connected devices to denial-of-service (DoS) attacks and privilege escalation, a researcher with NCC Group reports.

VMware Cloud Director vulnerability enables a full cloud infrastructure takeover

A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have discovered. VMware Cloud Director (formerly known as vCloud Director) is a cloud service delivery platform used by public and private cloud providers to operate and manage cloud infrastructure.

  • ...in 1865, the U.S. Civil War officially ends with the surrender of Gen. Edmund Kirby Smith, dissolving the last Confederate army.
  • ...in 1935, Baseball Hall of Famer Babe Ruth ends his Major League playing career after 22 seasons.
  • ...in 1953, Queen Elizabeth II is formally crowned monarch of the United Kingdom.
  • ...in 1967, The Beatles album "Sgt. Pepper's Lonely Hearts Club Band" is released in the US.