• chevron_right

      Critical Barracuda 0-day was used to backdoor networks for 8 months

      news.movim.eu / ArsTechnica · Tuesday, 30 May, 2023 - 23:58

    A stylized skull and crossbones made out of ones and zeroes.

    Enlarge (credit: Getty Images )

    A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The vulnerability has been used to install multiple pieces of malware inside large organization networks and steal data, Barracuda said Tuesday.

    The software bug, tracked as CVE-2023-2868, is a remote command injection vulnerability that stems from incomplete input validation of user-supplied .tar files, which are used to pack or archive multiple files. When file names are formatted in a particular way, an attacker can execute system commands through the QX operator, a function in the Perl programming language that handles quotation marks. The vulnerability is present in the Barracuda Email Security Gateway versions 5.1.3.001 through 9.2.0.006; Barracuda issued a patch 10 days ago.

    On Tuesday, Barracuda notified customers that CVE-2023-2868 has been under active exploitation since October in attacks that allowed threat actors to install multiple pieces of malware for use in exfiltrating sensitive data out of infected networks.

    Read 7 remaining paragraphs | Comments

    • chevron_right

      The best Mac client for Gmail users is now a 1.0 release with nifty new features

      news.movim.eu / ArsTechnica · Monday, 22 May, 2023 - 21:13

    Mimestream's got a lot of direct Gmail integrations, but its own Profiles separation is quite useful.

    Enlarge / Mimestream's got a lot of direct Gmail integrations, but its own Profiles separation is quite useful. (credit: Mimestream)

    When I searched for the best Mac email clients for Gmail/Google Apps users in September, I was surprised to find that there was an app built specifically for this purpose. You didn't need to customize it, change its settings, or bolt on a bunch of extensions to make it work and feel right; Mimestream was both deeply hooked into Gmail and very much a Mac app.

    Mimestream spent more than three years in a free beta period, releasing more than 220 updates for 167,000 users and adding more than 100 features. Now that a 1.0 release is out—and the company has grown from a solo developer to a five-person team—there's a price for the product .

    Mimestream is $30 per year if you buy during this launch period, then $50 per year after that (if you were a beta user, check your inbox for a bigger discount code). There's still a 14-day, no-credit-card-required trial period. Individual users can install it on up to five devices, and there's Family Sharing across iCloud accounts.

    Read 5 remaining paragraphs | Comments

    • chevron_right

      Fin du ticket de caisse : qu’est-ce qui change pour les Français ?

      news.movim.eu / Numerama · Tuesday, 28 March, 2023 - 18:03

    À partir du 1er avril 2023, le ticket de caisse ne sera plus imprimé à chaque fois. Il sera possible de repartir sans rien ou de demander une version dématérialisée. Une alternative qui a des implications au niveau des données personnelles. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Disparition du ticket de caisse : qu’est-ce qui change pour les Français ?

      news.movim.eu / Numerama · Monday, 13 March, 2023 - 10:52

    À partir du 1er avril 2023, le ticket de caisse ne sera plus imprimé à chaque fois. Il sera possible de repartir sans rien ou de demander une version dématérialisée. Une alternative qui a des implications au niveau des données personnelles. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Threat actors are using advanced malware to backdoor business-grade routers

      news.movim.eu / ArsTechnica · Tuesday, 7 March, 2023 - 01:09

    Computer cables plugged into a router.

    Enlarge (credit: Getty Images )

    Researchers have uncovered advanced malware that’s turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe.

    Besides passively capturing IMAP, SMTP, and POP email, the malware also backdoors routers with a remote access Trojan that allows the attackers to download files and run commands of their choice. The backdoor also enables attackers to funnel data from other servers through the router, turning the device into a covert proxy for concealing the true origin of malicious activity.

    figure5-640x393.png

    (credit: Black Lotus Labs)

    “This type of agent demonstrates that anyone with a router who uses the Internet can potentially be a target—and they can be used as proxy for another campaign—even if the entity that owns the router does not view themselves as an intelligence target,” researchers from security firm Lumen’s Black Lotus Labs wrote . “We suspect that threat actors are going to continue to utilize multiple compromised assets in conjunction with one another to avoid detection.”

    Read 8 remaining paragraphs | Comments

    • chevron_right

      Les boîtes mail Outlook se remplissent de spams à cause d’une panne de filtre

      news.movim.eu / Numerama · Tuesday, 21 February, 2023 - 11:06

    spam

    Le filtre anti-spam d'Outlook a connu une défaillance le 20 février. Résultat, du spam et du phishing se sont mêlés aux autres mails dans la boîte de réception, encore plus qu'à l'accoutumée. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      N’espérez pas sauver la planète en supprimant vos e-mails

      news.movim.eu / Numerama · Sunday, 15 January, 2023 - 16:20

    On entend souvent que vider sa boîte mail serait un geste important pour la planète, afin de réduire son empreinte carbone. Pourtant, envoyer moins de courriels est un geste inefficace pour le climat. Dans The Conversation, 3 experts déboulonnent ce mythe tenace. [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/

    • chevron_right

      Still using Gmail’s old design? Soon you’ll be forced to stop

      news.movim.eu / ArsTechnica · Wednesday, 9 November, 2022 - 17:56

    • The new Gmail. It's blue and has a big sidebar, but there are options to tweak both of these big changes. [credit: Google ]

    Starting this month, users who have been holding out on the new Gmail design introduced earlier this year will be forced to switch .

    The latest design was first introduced as an opt-in update in February and then became opt-out this summer. Now it's just Gmail, full stop.

    The design didn't change too much about how Gmail works; it mostly just changed the color scheme—gone is the Gmail-brand red styling in favor of a more neutral and blue-ish-by-default look in line with the company's "Material You" design principles. You can tweak the coloring yourself anyway.

    Read 7 remaining paragraphs | Comments

    • chevron_right

      Vous détestez la nouvelle interface de Gmail ? Tant pis pour vous

      news.movim.eu / Numerama · Wednesday, 9 November, 2022 - 11:05

    Gmail

    Google ne laissera plus la possibilité de retourner à l'ancienne interface de Gmail. Le retrait de l'option est prévu pour novembre [Lire la suite]

    Abonnez-vous aux newsletters Numerama pour recevoir l’essentiel de l’actualité https://www.numerama.com/newsletter/