Mandiant: ‘China deployed Barracuda vulnerability as spy tool’
According to Mandiant, Chinese state-sponsored hackers exploited the vulnerability in Barracuda ESG devices. The hackers created victims in at least 16 countries and a high number of government agencies were affected.
Mandiant was put in charge of investigating vulnerability CVE-2023-2868. Firs... Read more
Barracuda wants customers to replace vulnerable ESG devices
Barracuda Networks is facing a massive problem with its e-mail security products. All affected ESG appliances must be replaced, including those from customers who have already obediently installed a previously released patch.
Email Security Gateway (ESG) appliances from Barracuda may be affected... Read more
Barracuda leaves Email Security Gateway undiscovered for months
Barracuda Networks recently discovered a vulnerability in its Email Security Gateway. The vulnerability has been open for the last eight months without a patch being released, according to its own research.
Barracuda's Email Security Gateway (ESG) has not been as secure as it should have been fo... Read more
Cisco intends to acquire Armorblox
The deal will give Cisco a wide range of tools to deliver AI-powered cybersecurity for the enterprise.
This week US networking giant Cisco announced that it will acquire the cybersecurity startup Armorblox. The acquisition will give Cisco a new palette of products and services to provide email ... Read more
Exchange Online to block emails from “vulnerable” on-prem servers
Microsoft is enabling a new security feature to protect users from on-premise servers that have not updated their security.
Microsoft is enabling a new system for Exchange Online that will automatically start throttling and blocking emails sent from "persistently vulnerable Exchange servers" tha... Read more
Google launches end-to-end encryption for Gmail web
Google recently announced end-to-end encryption for the web version of Gmail. The feature allows users to send and receive encrypted emails inside and outside their domains.
The update involves client-side encryption or E2EE. When enabled, the security feature ensures that sensitive data from an... Read more
Hacking campaign uses infected James Webb Telescope image
Investigators discovered a new malware campaign that uses gigapixel images from the James Web Project to distribute malware on target computers.
The James Web Telescope (JWST) was launched after more than two decades of planning and development. It's a turning point for astronomy, but sadly also... Read more
PyPI packages under attack after phishers target developers
Developers and maintainers of PyPI are under attack by digital scammers through email phishing.
Several PyPI developers and maintainers have fallen for phishing scams conducted by digital scammers. The malicious campaign was disclosed by Adam Johnson, a project board member at Django, who receiv... Read more
State-backed North Korean hackers have a smart way of reading your Gmail
Security researchers revealed never-seen-before malware that competent North Korean hackers use to sneak, read, and access the attachments and emails from AOL and Gmail users' accounts.
A malware, dubbed SHARPEXT by security researchers from security firm Volexity, uses smart methods to download... Read more
Research: new tools and security measures often counterproductive
Research by Zivver reveals that although companies have accelerated their innovation efforts in the past two years, many challenges remain. Employees that participated in the study complain about security measures that are counterproductive and slow down work. Many applications have been added in t... Read more