June 5, CNN – U.S. government hacked; feds think China is the culprit. Four million current and former federal employees, from nearly every government agency, might have had their personal information stolen by Chinese hackers, U.S. investigators said. U.S. officials believe this could be the biggest breach ever of the government's computer networks. China called the allegation irresponsible. Source
June 4, Softpedia – (International) Hoard of vulnerabilities found in SysAid Help Desk. A security researcher discovered 11 vulnerabilities in SysAid Help Desk version 14.4, including a flaw that could allow an attacker to create an administrator account without any authentication, and an exploit in which an attacker could perform remote execution by uploading arbitrary files via directory transversal attacks. The software is used by over 10,000 organizations worldwide. Source
June 3, Securityweek – (International) Cloud providers hit hard by DDoS attacks in Q1: VeriSign. VeriSign reported research finding that information technology (IT) services and cloud providers received over one third of all distributed denial-of-service (DDoS) attacks in the first quarter of 2015, followed by the government and financial services sectors, where the frequency of attacks increased by 3 percent. The total number of attacks increased seven percent since the last quarter of 2014. Source
June 3, Threatpost – (International) Zero-day disclosed in Unity Web Player. Unity Technologies acknowledged bug reports and released details about a zero-day vulnerability in the company’s Unity Web Player browser plugin in which an attacker could load or inject a malicious Unity app in order to use a victim’s credentials to read messages or gain access to online services. Source