BleepingComputer reports that the Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities Catalog to include the high-severity Windows Support Diagnostic Tool zero-day and UnRAR utility vulnerabilities following active exploitation in the wild.
More than a dozen industrial enterprise organizations, government agencies, military entities, and other public organizations in Russia, Ukraine, Afghanistan, Belarus, and other countries in Eastern Europe have been compromised by the Chinese hacking group TA428 through a widespread phishing campaign that leveraged six backdoors, The Register reports.
BleepingComputer reports that email marketing company Klaviyo was impacted by a data breach last Wednesday that compromised its internal systems, as well as cryptocurrency customers' marketing lists, following a phishing attack that allowed attackers to gain employee credentials.
Cross-chain cryptocurrency platform deBridge Finance was suspected to have been targeted by North Korean hacking group Lazarus in a phishing campaign aimed at cryptocurrency theft, according to BleepingComputer.
Salinas Valley Memorial Health will pay the patients impacted by a 2020 email hack $340,000 to resolve a lawsuit alleging the California health system’s poor cybersecurity caused the breach.
Microsoft, FedEx, and other brands have been impersonated in separate phishing campaigns between mid-May and late July that involved the exploitation of an open redirect vulnerability in Snapchat and American Express domains in an effort to exfiltrate credentials and personally identifiable information, reports Threatpost.
Despite our best efforts to the contrary, email attacks are growing more numerous and more costly. Here are the top three email threats you need to worry about.