Category: Email security

August 31, 2022

Ransomware gets the headlines, and phishing sets off the most alerts, but business email compromise costs enterprises the most – more than $43 billion since 2016. U.S. Secret Service agents Stephen Dougherty and Michael Johns discuss the criticality of rapid […]

August 24, 2022

While businesses are busy trying to protect themselves against ransomware attacks that spark headlines news, threat actors are sticking to one of the oldest and most effective hacking techniques—business email compromise (BEC). Enterprise security has skewed toward ransomware in recent […]

August 17, 2022

Indicted in 2019, Fombe was a fugitive for three years until he was arrested on August 6. He is charged with conspiracy to commit wire fraud and money laundering, and with aggravated identity theft. The man, aged 36, has been […]

July 1, 2022

The cyber threat landscape has intensified. Threat actors are organized and professionalized, with ransomware gangs outsourcing the first step of their operations to Initial Access Brokers. This alliance has proven profitable for both sides, as the illegal sale of initial […]

June 22, 2022

A phishing campaign is using voicemail notification messages to go after victims’ Office 365 credentials. According to researchers at ZScaler, the campaign uses spoofed emails with an HTML attachment that contains encoded javascript. The email claims that you have a […]

June 21, 2022

Cloudflare announced several new capabilities for Cloudflare One, its zero trust SASE platform, making it the only cloud-native zero trust solution with global network scale. New features for Cloudflare One include sophisticated email security protection, data loss prevention tools, cloud […]

June 10, 2022

Emotet’s resurgence in April seems to be the signal of a full comeback for what was once dubbed “the most dangerous malware in the world,” with researchers spotting various new malicious phishing campaigns using hijacked emails to spread new variants […]

May 16, 2022

The use of embedded HTML documents in phishing e-mails is a standard technique employed by cybercriminals. It does away with the need to put links in the e-mail body, which antispam engines and e-mail antiviruses usually detect with ease. HTML […]

May 11, 2022

Malicious emails with macro-enabled Word documents are spreading a never-before-seen remote-access Trojan, researchers say. Phishing emails purporting to contain COVID-19 safety information from the World Health Organization (WHO) are instead phishing lures intended to spread a novel remote-access Trojan (RAT) […]

May 5, 2022

These losses, which the FBI calls “exposed losses,” include both actual and attempted loss reported between June 2016 and December 2021. There has been an increase of 65% between 2019 and 2021, most likely due to the COVID-19 pandemic, which […]

April 21, 2022

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims’ inboxes. “The code vulnerability […] can be easily exploited by an attacker by sending a malicious […]

March 28, 2022

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IceID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. “The emails use a social engineering technique […]

March 21, 2022

According to HubSpot, the incident occured on March 18, when a “bad actor” managed to hack into an employee account. After the breach was discovered, the impacted account’s access was terminated and the company also “removed the ability for other […]

March 14, 2022

The most recent cyberattack – and most impactful – targeted South Denver Cardiology Associates and resulted in the data of more than 287,000 patients being exfiltrated. The Colorado firm identified the attack on January 4 and later discovered that an […]

March 7, 2022

Previously, email notifications that were automatically sent to a user when someone mentioned them in a comment in a Google Workspace document only included the comment and the commenter’s name. Now, however, Google is also including the commenter’s email address […]

January 19, 2022

Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor (DOL), Inky‘s researchers have warned. The ploy? The DOL is ostensibly inviting companies to submit “proposals from qualified contractors […]

December 23, 2021

Mon Health says it became aware of the intrusion on July 28, when a vendor notified it of a payment that had not come through. An investigation launched into the matter revealed that adversaries likely had unauthorized access to the […]

November 15, 2021

Threat intelligence organization Spamhaus reported seeing more than 100,000 fake emails being sent out in two waves. The hoax emails, coming from “[email protected],” carried the subject line “Urgent: Threat actor in systems.” The message appeared to come from the DHS […]

October 19, 2021

Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint […]

October 18, 2021

BEC attacks are generally low-volume but, according to a recent survey by GreatHorn, 71% of organizations experienced at least one in the past year. Trend Micro’s latest research has revealed that scammers have been ramping up their efforts and that […]