- Collection #1 dump, 773 million emails, 21 million passwords
- Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6
- South Korea: hackers compromised Defense Acquisition Program Administration PCs
- Unprotected server of Oklahoma Department of Securities exposes millions of government files
Posted: 17 Jan 2019 10:56 AM PST
The popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records.
The name ‘Collection #1’ comes from the name of the root folder.
Someone has collected a huge trove of data through credential stuffing; the ‘Collection #1’ archive is a set of email addresses and passwords
According to Hunt, there are 1,160,253,228 unique combinations of email addresses and passwords, while the unique email addresses
The data was posted on the file-sharing service MEGA and also on an unnamed popular hacking forum; it includes more than 12,000 files for a total size of 87 gigabytes.
Hunt pointed out that approximately 140 million email accounts and some 10.6 million passwords are not part of known past data breaches.
“The unique email addresses
The post on the hacking forum referenced “a collection of 2000+
Users can check if their credentials are included in the Collection #1 dump by visiting the HIBP website.
“As of now, all 21,222,975 passwords from Collection #1 have been added to Pwned Passwords bringing the total number of unique values in the list to
The post Collection #1 dump, 773 million emails, 21 million passwords appeared first on Security Affairs.
Posted: 17 Jan 2019 04:39 AM PST
Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution.
The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the
“A remote code execution vulnerability exists in PHP’s built-in
“Some Drupal code (core,
The development team marked .phar as a potentially dangerous extension; this means that .phar files uploaded to a website running on the popular CMS will be automatically converted to .txt to prevent malicious execution.
The development team has disabled the
“Drupal 7 sites using PHP 5.2 (or PHP 5.3.0-5.3.2) that require
The second flaw affects PEAR Archive_Tar, a third-party library that handles .tar files in PHP. An attacker could use a specially crafted .tar file to delete arbitrary files on the system and possibly even execute remote code.
“Drupal core uses the third-party PEAR Archive_Tar library. This library has released a security update which impacts some Drupal configurations. Refer to CVE-2018-1000888 for details.” reads the security advisory.
The development team behind Archive_Tar has patched the flaw, and the update has been released in the core of the CMS.
Drupal 8.6.6, 8.5.9 and 7.62 patch both flaws. Experts highlighted that Drupal 8 versions prior to 8.5.x will no longer receive security updates because they have reached the
Posted: 17 Jan 2019 02:17 AM PST
South Korea – Alleged state-sponsored hackers compromised 10 PCs at the ministry’s Defense Acquisition Program Administration.
Unknown hackers compromised 10 PCs at the ministry’s Defense Acquisition Program Administration, the office that manages military procurement.
The news was confirmed by the South Korea Ministry of National Defense.
“It has been turned out that 30 computers installed on the internal system of the Defense Acquisition Program Administration, in charge of arms procurement such as next-generation fighter jets, have come under simultaneous virtual attacks and 10 out of them saw internal data leaked.”
The systems targeted by the hackers contain sensitive data on purchases for military equipment and weapons, including “next-generation fighter jets,”
The security breach was disclosed this week in a report from a South Korean politician.
The National Assembly and the Defense Acquisition Program Administration confirmed that no confidential information was accessed or exfiltrated by hackers.
The security breach occurred on October 4, 2018; the attack was aimed at 30 computers, but only 10 of them were hacked. The intrusion was spotted on October 26, when the National Intelligence Service noticed suspicious traffic on an IP address associated with the agency.
The intrusion coincides with another attack on Liberty Korea Party Rep. Baek Seung-
“It is dubious whether the agency issued a conclusion to conceal damage and minimize the scope of penetration,” Rep. Lee pointed out. “Further investigation to find out if the source of attacks is North Korea or any other party.”
The A Ilbo added that an intelligence agent said that a further review will be carried out of the defense measures implemented to protect the Defense Acquisition Program Administration's systems.
Posted: 17 Jan 2019 12:47 AM PST
A huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week.
Another data leak made the headlines: a huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week.
The unsecured storage server was discovered by security expert Greg Pollock from UpGuard; it contained 3 terabytes of data, including millions of sensitive government files and years’ worth of sensitive FBI investigations.
Other documents included social security numbers, names, and addresses
The server also included email backups from 1999 to 2016, with the largest and most recent reaching 16GB in size.
The exposed information includes passwords that could have been used by an attacker to remotely access the state agency’s workstations, and credentials to access several internet services.
Digging in the archive it is also possible to find information related to people with
“By the best available measures of the files’ contents and metadata, the data was generated over decades, with the oldest data originating in 1986 and the most recent modified in 2016,” reads a blog post published by UpGuard.
“The data was exposed via an unsecured rsync service at an IP address registered to the Oklahoma Office of Management and Enterprise Services, allowing any user from any IP address to download all the files stored on the server.”
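The exposure UpGuard describes, an rsync daemon that serves files to any user from any IP address, corresponds to a module with neither `auth users` nor `hosts allow` set. The following check is an added example, not part of the original article or of UpGuard's tooling; the sample configuration is constructed, and the function names `parse_rsyncd_conf` and `audit` are hypothetical.

```python
# Constructed sample rsyncd.conf (not taken from the incident).
SAMPLE_RSYNCD_CONF = """\
uid = nobody
use chroot = yes

[archive]
    path = /srv/archive
    read only = yes

[backups]
    path = /srv/backups
    auth users = backupsvc
    secrets file = /etc/rsyncd.secrets
    hosts allow = 10.0.0.0/8
"""

def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}) with normalised parameter names."""
    global_params, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        if "=" not in line:
            continue  # not a "name = value" parameter line
        key, _, value = line.partition("=")  # only the first '=' is significant
        key = " ".join(key.lower().split())  # case and spacing in names are irrelevant
        target = global_params if current is None else current
        target[key] = value.strip()
    return global_params, modules

def audit(text):
    """Map each module to the access-control problems found in its settings."""
    global_params, modules = parse_rsyncd_conf(text)
    findings = {}
    for name, params in modules.items():
        effective = {**global_params, **params}  # global values act as defaults
        issues = []
        if not effective.get("auth users"):
            issues.append("no 'auth users': anonymous access allowed")
        if not effective.get("hosts allow"):
            issues.append("no 'hosts allow': connections accepted from any IP")
        if issues:
            findings[name] = issues
    return findings
```

A module that is `read only` is still fully downloadable; a clean result here does not replace checking that TCP port 873 is filtered at the firewall.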
The Oklahoma Securities Commission published a press release to disclose the data leak and announced that a forensic team is still investigating the case.
“The Oklahoma Department of Securities (ODS) has initiated a comprehensive review of the circumstances surrounding an incident involving the inadvertent exposure of information during installation of a firewall,” reads the press release.
“An accidental vulnerability of limited duration to a server containing archived data was discovered and immediately secured. The ODS has notified law enforcement and OMES regarding the incident. A forensic team is currently conducting an analysis to determine the type and number of data files that may have been exposed and who may have accessed them.”