Security News
In this Help Net Security video, Chris Lehman, CEO at SafeGuard Cyber, talks about how adversaries are moving beyond email to attack companies through a wide range of digital communications platforms, including mobile messaging, collaboration, conferencing, CRM and social media. These social engineering attacks are difficult to detect and bypass standard security controls.
A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal services and steal highly sensitive information," SonarSource said in a report shared with The Hacker News.
Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and log in to the web management interface of Cisco email gateway appliances with non-default configurations. The security flaw was found in the external authentication functionality of virtual and hardware Cisco Email Security Appliance and Cisco Secure Email and Web Manager appliances.
Technical details have emerged on a high-severity vulnerability affecting certain versions of the Zimbra email solution that hackers could exploit to steal logins without authentication or user interaction. A fix has been published in Zimbra versions ZCS 9.0.0 Patch 24.1 and ZCS 8.8.15 Patch 31.1, available since May 10, 2022.
Generically, the industry has conformed to the term Business Email Compromise to capture this swath of threats, including impersonation, phishing, spoofing, and in more advanced cases, by way of a malicious attachment, including Adobe and Microsoft Office documents. To help address this gap, we launched InQuest Labs, a free research portal designed to crowdsource the discovery of emerging threats.
The "new and improved" version of Emotet is exhibiting a "troubling" behavior of effectively collecting and using stolen credentials, "which are then being weaponized to further distribute the Emotet binaries," Charles Everette from Deep Instinct revealed in a blog post this week. In April, Emotet malware attacks returned after a 10-month "spring break" with targeted phishing attacks linked to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success, according to a report by Proofpoint.
Stop significant B2B or B2C information sharing problems with a tailored approach to encryption. The security of our data is, without question, at the top of any enterprise's priority list.
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a report shared with The Hacker News.
An emailed report seemingly about a payment will, when opened in Excel on a Windows system, attempt to inject three pieces of file-less malware that steal sensitive information. From there, the malicious code will not only steal information, but can also remotely control aspects of the PC. The first of the three pieces of malware is AveMariaRAT, followed by Pandora hVNC RAT and BitRAT. AveMariaRAT has a range of features, from stealing sensitive data to achieving privilege escalation, remote desktop control, and camera capturing.
Interpol and cops in Africa have arrested a Nigerian man suspected of running a multi-continent cybercrime ring that specialized in phishing emails targeting businesses. Interpol's African Joint Operation against Cybercrime referred the intelligence to Nigerian police, who were supported by law enforcement in Australia, Canada, and the US. Ultimately Nigerian cops arrested the suspect at Murtala Mohammed International Airport in Lagos.