Cisco has urged users of its Email Security Appliance and Secure Email and Web Manager appliances running non-default configurations to immediately patch a critical security flaw, tracked as CVE-2022-20798, which could be abused to bypass authentication and access the appliances' web management interface, according to BleepingComputer.
"An attacker could exploit this vulnerability by entering a specific input on the login page of the affected device. A successful exploit could allow the attacker to gain unauthorized access to the web-based management interface of the affected device," said Cisco, which noted that the flaw was discovered while addressing a Cisco Technical Assistance Center case. Only appliances that use external authentication with LDAP are impacted by the security bug, which has not yet been exploited by any threat actor, said Cisco's Product Security Incident Response Team. Administrators can verify whether an appliance is impacted by logging into the web-based management interface and checking whether the "Enable External Authentication" option has a green check box.
Sixty thousand emails from U.S. State Department accounts were exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to a staffer working for Sen. Eric Schmitt, R-Mo., Reuters reports.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.