Security News

Email marketing firm Klaviyo suffered a data breach on August 3rd. Hackers gained access to internal systems after stealing an employee's credentials via a phishing attack. Hacker downloaded marketing lists used by cryptocurrency-related accounts, and for Klaviyo product and marketing updates.

The U.S. Cybersecurity and Infrastructure Security Agency on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue in question is CVE-2022-27924, a command injection flaw in the platform that could lead to the execution of arbitrary Memcached commands and theft of sensitive information.

A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal someone else's email. Student Albert Pedersen reported the critical vulnerability to Cloudflare via the company's bug bounty program, and was awarded $3,000.

The research found that 97% of the top ten universities across each country are not taking appropriate measures to proactively block attackers from spoofing their email domains, increasing the risk of email fraud. None of the top U.S. and U.K. universities had a Reject policy in place, which actively blocks fraudulent emails from reaching their intended targets, meaning all are leaving students open to email fraud.

Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. The news is troubling, especially as email remains the most common vector for security compromises across all industries, observed Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, in a statement.

Microsoft says the Outlook email client will crash when opening and reading emails with tables such as Uber receipt emails. "When opening, replying, or forwarding some emails that include complex tables, Outlook stops responding," the company explains in a support document.

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name Kimsuky. SharpTongue has a history of singling out individuals working for organizations in the U.S., Europe, and South Korea who "Work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea," researchers Paul Rascagneres and Thomas Lancaster said.

While the organization needs to adjust to conduct business as usual with 75% of the workforce in place, it is now even more prone to phishing attacks. In the ever-evolving war between hackers and organizations, 3.4 billion phishing attacks are raining on us every day.

A North Korean-backed threat group tracked as Kimsuky is stealing emails from Google Chrome or Microsoft Edge users browsing their webmail accounts using a malicious browser extension. The extension, dubbed SHARPEXT by Volexity researchers who spotted this campaign in September, supports three Chromium-based web browsers and can steal mail from Gmail and AOL accounts.

A ransomware gang has not only taken down WordFly, a mailing list provider for top arts organizations among others, but also siphoned data belonging to the US-based Smithsonian, Canada's Toronto Symphony Orchestra, and the Courtauld Institute of Art in London. In an update about the ongoing outage, WordFly exec Kirk Bentley said the outfit's engineering team discovered a network disruption on July 10.