More than 100 high-value Mailchimp customers in the cryptocurrency and finance industries had their data exfiltrated as a result of a breach of one of the email marketing firm's internal tools, The Register reports.
Hardware cryptocurrency wallet vendor Trezor issued a warning on Sunday regarding a phishing campaign that has been spreading malware in an effort to harvest information from cryptocurrency wallet owners. Trezor later said that scam-related domain addresses have been disabled, as Mailchimp said that an insider has compromised its service. Attackers are suspected of having targeted Mailchimp to exfiltrate the email addresses of those on Trezor's Mailchimp-managed mailing list, with 319 Mailchimp accounts being accessed and 102 having their "audience data" stolen. "The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised," said Mailchimp Chief Information Security Officer Siobhan Smyth. Mailchimp has already disabled API keys and put necessary protections in place while notifying impacted users.
Malware-free intrusions have become the leading cybersecurity threat against small- to medium-sized businesses, accounting for 56% of all cyber incidents during the third quarter, SiliconAngle reports.
Microsoft said that four high-severity Microsoft Exchange flaws reported by Trend Micro's Zero Day Initiative have either been addressed or do not need immediate servicing, because the authentication they require would significantly reduce their odds of being exploited, SecurityWeek reports.