CVE-2023-20867

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Snoops 'aggressively targeted' specific govt, academic accounts

Chinese spies are behind the data-stealing malware injected into Barracuda's Email Security Gateway (ESG) devices globally as far back as October 2022, according to Mandiant. Barracuda discovered a critical bug, tracked as CVE-2023-2868, in these appliances on May 19, we're told, and pushed a patch to all affected products the following day.  At the time, it said miscreants had been abusing the flaw to run remote commands on targeted equipment, hijack them, and deploy data-stealing spyware ...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Plus: Adobe, SAP and Android push updates

Microsoft has released security updates for 78 flaws for June's Patch Tuesday, and luckily for admins, none of these are under exploit. Yesterday's critical Fortinet bug and the ongoing Progress MOVEit flaws, however, are entirely different stories, so the proverbial thoughts and prayers to the teams dealing with those messes.  Microsoft's big patch day rated six of today's fixes as critical and four of these garnered a 9.8 severity score, so let's start with those. CVE-2023-29357, a Micros...

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Crooks know where the big bucks are

Zero-day exploits targeting enterprise-specific software and appliances are now outpacing zero-day bugs overall, according to Google's threat hunting teams. In a report published today, Google's Threat Analysis Group (TAG) and Mandiant said they tracked 97 total zero-day vulnerabilities found and exploited by miscreants in 2023, which is considerably more than the year prior, with 62 vulnerabilities. Enterprise-specific technology zero-days, however, increased by 64 percent in 2023 compared to 2...