BleepingComputer reports that some Barracuda Email Security Gateway instances have been compromised in attacks exploiting a zero-day vulnerability, which has already been patched in security updates issued over the weekend.
Numerous sectors including government, financial services, media, manufacturing, transportation, and utilities have been targeted by the large-scale credential phishing campaign leveraging the SuperMailer newsletter distribution app, which has expanded by twofold monthly since January, according to SecurityWeek.
BleepingComputer reports that more than $5.9 million worth of cryptocurrency has been pilfered by the Inferno Drainer cryptocurrency phishing and scam service from 4,888 victims.
New business email compromise attacks launched by threat actors in Asia and a country in Eastern Europe have been using residential IP addresses matching victims' locations in an effort to conceal malicious activity, according to SecurityWeek.
Suspected Indian state-sponsored threat operation SideWinder has been discovered to have an attack infrastructure with 55 phishing domains and IP addresses impersonating organizations in the government, news media, financial, and telecommunications sectors, according to The Hacker News.
SiliconAngle reports that organizations with one unpatched security vulnerability were 33% more likely to have cyber insurance claims, while those that continued leveraging old unsupported software had a threefold increased likelihood of claims.
Financially motivated threat operation Water Orthus, which was behind the CopperStealer malware, has reemerged with new attacks deploying the novel CopperStealth and CopperPhish payloads, reports The Hacker News.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.