• chevron_right

    Critical Barracuda 0-day was used to backdoor networks for 8 months / ArsTechnica · 6 days ago - 23:58

A stylized skull and crossbones made out of ones and zeroes.

Enlarge (credit: Getty Images )

A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The vulnerability has been used to install multiple pieces of malware inside large organization networks and steal data, Barracuda said Tuesday.

The software bug, tracked as CVE-2023-2868, is a remote command injection vulnerability that stems from incomplete input validation of user-supplied .tar files, which are used to pack or archive multiple files. When file names are formatted in a particular way, an attacker can execute system commands through the QX operator, a function in the Perl programming language that handles quotation marks. The vulnerability is present in the Barracuda Email Security Gateway versions through; Barracuda issued a patch 10 days ago.

On Tuesday, Barracuda notified customers that CVE-2023-2868 has been under active exploitation since October in attacks that allowed threat actors to install multiple pieces of malware for use in exfiltrating sensitive data out of infected networks.

Read 7 remaining paragraphs | Comments

  • chevron_right

    The best Mac client for Gmail users is now a 1.0 release with nifty new features / ArsTechnica · Monday, 22 May - 21:13

Mimestream's got a lot of direct Gmail integrations, but its own Profiles separation is quite useful.

Enlarge / Mimestream's got a lot of direct Gmail integrations, but its own Profiles separation is quite useful. (credit: Mimestream)

When I searched for the best Mac email clients for Gmail/Google Apps users in September, I was surprised to find that there was an app built specifically for this purpose. You didn't need to customize it, change its settings, or bolt on a bunch of extensions to make it work and feel right; Mimestream was both deeply hooked into Gmail and very much a Mac app.

Mimestream spent more than three years in a free beta period, releasing more than 220 updates for 167,000 users and adding more than 100 features. Now that a 1.0 release is out—and the company has grown from a solo developer to a five-person team—there's a price for the product .

Mimestream is $30 per year if you buy during this launch period, then $50 per year after that (if you were a beta user, check your inbox for a bigger discount code). There's still a 14-day, no-credit-card-required trial period. Individual users can install it on up to five devices, and there's Family Sharing across iCloud accounts.

Read 5 remaining paragraphs | Comments

  • chevron_right

    Threat actors are using advanced malware to backdoor business-grade routers / ArsTechnica · Tuesday, 7 March - 01:09

Computer cables plugged into a router.

Enlarge (credit: Getty Images )

Researchers have uncovered advanced malware that’s turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe.

Besides passively capturing IMAP, SMTP, and POP email, the malware also backdoors routers with a remote access Trojan that allows the attackers to download files and run commands of their choice. The backdoor also enables attackers to funnel data from other servers through the router, turning the device into a covert proxy for concealing the true origin of malicious activity.


(credit: Black Lotus Labs)

“This type of agent demonstrates that anyone with a router who uses the Internet can potentially be a target—and they can be used as proxy for another campaign—even if the entity that owns the router does not view themselves as an intelligence target,” researchers from security firm Lumen’s Black Lotus Labs wrote . “We suspect that threat actors are going to continue to utilize multiple compromised assets in conjunction with one another to avoid detection.”

Read 8 remaining paragraphs | Comments

  • Nu chevron_right

    Microsoft accuse la Chine d'attaquer son service d'email professionnel / Numerama · Wednesday, 3 March, 2021 - 15:13

Microsoft a déployé un patch pour réparer quatre vulnérabilités de Exchange, son service d'email destiné aux entreprises. Un groupe de hacker financé par la Chine aurait exploité ces failles pour siphonner les emails d'entreprises américaines. [Lire la suite]

Voitures, vélos, scooters... : la mobilité de demain se lit sur Vroom !

L'article Microsoft accuse la Chine d’attaquer son service d’email professionnel est apparu en premier sur Numerama .

  • Nu chevron_right

    Gmail : comment annuler l’envoi d’un mail / Numerama · Saturday, 1 August, 2020 - 17:00

Vous venez d'envoyer un mail avec Gmail et vous vous rendez compte que vous n'auriez pas dû ? Sachez que Google fournit une option qui permet en quelque sorte d'annuler l'envoi d'un mail. Voici comment faire pour rattraper le coup. [Lire la suite]

Voitures, vélos, scooters... : la mobilité de demain se lit sur Vroom !

L'article Gmail : comment annuler l’envoi d’un mail est apparu en premier sur Numerama .