CyberScoop reports that the U.S., along with law enforcement officials in the Netherlands, Germany, and the U.K., disrupted the Russian botnet dubbed "RSOCKS," which was found to be composed of millions of compromised internet-connected devices, just weeks after the FluBot botnet had been dismantled in a separate international law enforcement operation.
BlackCloak points out that organizations need to do a better job protecting their top executives: some 87% of executives use passwords that have been leaked on the dark web.
Cisco has called on the users of its Email Security Appliance and Secure Email and Web Manager appliances with non-default configurations to immediately patch a critical security flaw, tracked as CVE-2022-20798, which could be abused to evade authentication and access the appliances' web management interface, according to BleepingComputer. "An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device."
The Hacker News reports that threat actors could exploit a high-severity Zimbra email suite flaw to facilitate the theft of user passwords in cleartext.
Iranian state-sponsored hacking group Phosphorus, also known as APT35, Charming Kitten, Magic Hound, and Newscaster Team, is suspected of being behind a spear-phishing campaign aimed at a former U.S. ambassador to Israel, as well as former Israeli officials, high-ranking military officers, and a security think tank leader, CyberScoop reports.
DMARC was born of a need to decrease not only the incidence of business email compromise and other phishing-related scams, but specifically to reduce payments and financial fraud.
This week’s breach roundup includes multiple email account hacks and is led by a ransomware attack on Yuma Regional Medical Center, which enabled the theft of patient data.