Security News

TechCrunch reviewed the leaked data, which included years of victims' call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared little to no data with LetMeSpy.

Car mount and mobile accessory maker iOttie warns that its site was compromised for almost two months to steal online shoppers' credit cards and personal information. In a new data breach notification issued yesterday, iOttie says they discovered on June 13th that its online store was compromised between April 12th, 2023, and June 2nd with malicious scripts.

Enterprise security company Barracuda is now urging customers who were impacted by a recently disclosed zero-day flaw in its Email Security Gateway appliances to immediately replace them. "Impacted ESG appliances must be immediately replaced regardless of patch version level," the company said in an update, adding its "Remediation recommendation at this time is full replacement of the impacted ESG.".

Email and network security company Barracuda warns customers they must replace Email Security Gateway appliances hacked in attacks targeting a now-patched zero-day vulnerability. "Impacted ESG appliances must be immediately replaced regardless of patch version level," the company warned in an update to the initial advisory issued on Tuesday.

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Kaspersky says the campaign started in 2019 and reports the attacks are still ongoing.

Barracuda says that the recently discovered compromise of some of it clients' ESG appliances via a zero-day vulnerability resulted in the deployment of three types of malware and data exfiltration.Zeor-day exploited, Barracuda ESG appliances backdoored.

Emby says it remotely shut down an undisclosed number of user-hosted media server instances that were recently hacked by exploiting a previously known vulnerability and an insecure admin account configuration. To trick the servers into granting them access and gain admin servers to the vulnerable servers even though they were attempting to log in from outside the LAN, the threat actors exploited a flaw described by Emby as a "Proxy header vulnerability," known since at least February 2020 and recently patched in the beta channel.

A vulnerability in Barracuda Networks' Email Security Gateway appliances has been exploited by attackers, the company has warned. CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001 - 9.2.0.006.

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

PHP software package repository Packagist revealed that an "Attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date. "The attacker forked each of the packages and replaced the package description in composer.json with their own message but did not otherwise make any malicious changes," Packagist's Nils Adermann said.