The Jmail Breaker attack leverages an old vulnerability in Joomla! along with a newly found flaw in the mail module.
SECOND UPDATE
Editor’s Note: It has come to our attention that Check Point’s findings are being questioned by Joomla! and others in the open-source ecosystem. Our story accurately reflects Check Point’s report — but it’s clear that the news isn’t about Jmail or the vulnerability (which is at least three years old), but rather that an attacker has set up a mass phishing infrastructure using an old attack pattern and is carrying out a campaign. Threatpost has reached out to Check Point again to get details as to how prolific the attack is and who the targets are, etc. and will update the post accordingly. Joomla! meanwhile has issued a statement on what it says are inaccuracies on the technical side of Check Point’s report.
For More Details :
https://threatpost.com/joomla-mail-flaw-exploited/142341/
