January 9, 2024 at 09:14AM TitanHQ has launched PhishTitan Integrated Cloud Email Security (ICES), a cutting-edge native M365 anti-phishing solution. It effectively blocks and remediates threats like business email compromise, account takeover, and zero-day attacks. The solution, quickly adopted by existing customers, offers unbeatable phishing protection within M365 and boasts various key features to combat … Read more
January 4, 2024 at 01:06PM Mimecast has acquired Elevate Security, a startup specializing in user-education technology. The acquisition aims to enhance Mimecast’s Awareness Training product line with Elevate Security’s risk scoring algorithm and incident triage technology. Financial details were not disclosed. Mimecast plans to support Elevate Security’s existing customer base. Elevate Security, founded six years … Read more
January 3, 2024 at 06:18AM A new exploitation technique called SMTP smuggling allows threat actors to send malicious emails with fake sender addresses, bypassing security measures. The method exploits vulnerabilities in messaging servers from Microsoft, GMX, and Cisco, impacting SMTP implementations from Postfix and Sendmail. Cisco users are advised to change settings to avoid receiving … Read more
December 29, 2023 at 06:54AM Ukraine’s CERT-UA has warned of a new phishing campaign by the Russia-linked APT28 group targeting government entities through email messages, deploying malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The attacks utilize various tools, including the Python-based MASEPIE and the C#-based OCEANMAP, with communications employing encrypted channels. … Read more
December 28, 2023 at 06:00AM Mandiant disclosed zero-day attacks targeting Barracuda Email Security Gateway (ESG) appliances, exploiting CVE-2023-7102 to execute malicious code in Excel email attachments. The China-linked threat actor UNC4841 used this vulnerability to target government, IT, and high-tech organizations. Barracuda promptly deployed updates and urged customers to follow the recommended guidance. UNC4841 has … Read more
December 27, 2023 at 08:24AM Chinese threat actors exploited a new zero-day in Barracuda’s Email Security Gateway appliances, deploying backdoors on a limited number of devices. The issue, tracked as CVE-2023-7102, allowed arbitrary code execution via a third-party library. Barracuda released a security update and remediated compromised appliances. This highlights the adaptability of the threat … Read more
December 27, 2023 at 06:56AM Barracuda deployed remote patches on December 21 to address a zero-day vulnerability in its Email Security Gateway (ESG) appliances exploited by Chinese hackers. A subsequent wave of security updates targeted compromised appliances. The vulnerability, tracked as CVE-2023-7102, is attributed to a weakness in a third-party library. The company reassured customers … Read more
December 27, 2023 at 06:12AM China-linked hackers are persistently targeting Barracuda Email Security Gateway (ESG) appliances. In May 2023, a zero-day vulnerability, CVE-2023-2868, was used to deliver malware and steal data, attributed to cyberespionage group UNC4841. Subsequently, a new zero-day vulnerability, CVE-2023-7102, impacting the ‘Spreadsheet::ParseExcel’ library, was exploited to deliver new malware variants. Barracuda issued … Read more
December 21, 2023 at 05:40PM New data from EasyDMARC shows a 7.5% increase in intercepted phishing emails from January 2022 to November 2023. The research tracked a rise in flagged emails imitating legitimate domains and a 24% increase in potentially harmful emails per domain. The CEO emphasizes the need for businesses to implement email authentication … Read more
December 20, 2023 at 04:59PM Israel National Cyber Directorate warns of phishing emails posing as F5 BIG-IP zero-day security updates, deploying data wipers for Windows and Linux. Israeli organizations targeted by pro-Palestinian and Iranian hacktivists since October. New phishing attack delivers data wipers through fake F5 update emails. Wipers communicate with a Telegram channel, posing … Read more