Sergiu Gatlan reports: Email and network security company Barracuda warns customers they must replace Email Security Gateway (ESG) appliances hacked in attacks targeting a now-patched zero-day vulnerability. “Impacted ESG appliances must be immediately replaced regardless of patch version level,” the company warned in an update to the initial advisory issued on Tuesday. “Barracuda’s remediation recommendation at this…
Category: Business Sector
Orbiter Finance Discord Server Hacked
Mansi Sarvaiya reports: A decentralized cross-rollup layer-2 bridge, Orbiter Finance’s Discord server was compromised by bad actors, who have shared a link to a fraudulent airdrop program. This incident marks the latest targeting of Orbiter Finance. CertiK Alert, a reputable blockchain security and analytics platform, took to Twitter in the early hours of June 1…
Russia says US hacked thousands of Apple phones in spy plot
Guy Faulconbridge reports: Russia’s Federal Security Service (FSB) said on Thursday it had uncovered an American espionage operation that compromised thousands of iPhones using sophisticated surveillance software. Moscow-based Kaspersky Lab said dozens of its employees’ devices were compromised in the operation. The FSB, the main successor to the Soviet-era KGB, said in a statement that…
Hong Kong privacy watchdog warns data management firm over possible exposure of credit histories of 180,000 people
Sammy Heung reports: Hong Kong’s privacy watchdog has threatened to take legal action against a data management firm for failing to protect the credit histories of about 180,000 people from unauthorised access. The Office of the Privacy Commissioner for Personal Data on Thursday said it received a complaint in December 2021 from an individual who…
Yet Another Toyota Cloud Data Breach Jeopardizes Thousands of Customers
Dark Reading reports: Toyota Motor Corp. today announced its discovery of yet another data breach — this time, two misconfigured cloud services were found leaking 260,000 car owners’ personal information over a seven-year period. This discovery comes after the car manufacturer conducted an investigation of its cloud features in the wake of announcing earlier in…
Barracuda zero-day abused since 2022 to drop new malware, steal data
Sergiu Gatlan reports: Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers’ Email Security Gateway (ESG) appliances with custom malware and steal data. The company says an ongoing investigation found that the bug (tracked as CVE-2023-2868) was first exploited…