BleepingComputer reports that some Barracuda Email Security Gateway instances have been compromised in attacks exploiting a zero-day vulnerability, which has already been patched in security updates issued over the weekend.
No other Barracuda products have been impacted by the security flaw, according to Barracuda Networks, which has already informed users whose appliances may have been breached. Organizations using Barracuda ESG have been urged to conduct a review of their environments to ensure the safety of other network devices.
"If a customer has not received notice from us via the ESG user interface, we have no reason to believe their environment has been impacted at this time and there are no actions for the customer to take," said Barracuda.
Meanwhile, fixes have also been issued by Barracuda for a login issue and a faulty spam scoring logic in its Email Gateway Defense appliances.
Sixty thousand emails from U.S. State Department accounts were noted by a staffer working for Sen. Eric Schmitt, R-Mo., to have been exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news