Category: Email security

Application security, Email security

Google introduces many G Suite security enhancements

April 15, 2019

Via: Help Net Security

Last week, the big news from Google Cloud Next 2019 was that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification. But at the event Google also announced a number […]

Email security, Network security, Security

Hackers could read users’ Outlook, Hotmail, and MSN email via compromised Microsoft support account

April 15, 2019

Via: Hot for Security

Over the weekend Microsoft confirmed that a “limited” number of webmail accounts had been compromised, allowing hackers to access users’ email addresses, folder names, subject lines, and the names of other email addresses with whom they corresponded. The tech […]

Email security, Phishing

New, Improved BEC Campaigns Target HR and Finance

April 5, 2019

Via: Dark Reading

Spearphishing campaigns from new and established business email compromise (BEC) gangs are stealing from companies using multiple tactics. A wave of business email compromise (BEC) campaigns targeting direct-deposit payroll information demonstrate once again that sophisticated technical skills aren’t necessary when […]

Email security, Mobile security, Network security

Kushner accused of using WhatsApp, personal email to conduct official business: report

March 22, 2019

Via: The Hill

The House Oversight and Reform Committee has obtained information that senior White House adviser and President Trump’s son-in-law Jared Kushner. Committee Chairman Elijah Cummings (D-Md.) wrote in a letter to White House counsel Pat Cipollone on Thursday that the panel […]

Email security, Malware, Phishing

Accidental data breaches are often compounded by a failure to encrypt

February 25, 2019

Via: Help Net Security

83 percent of security professionals believe that employees have accidentally exposed customer or business sensitive data at their organization. Accidental data breaches are often compounded by an organizational failure to encrypt data prior to it being shared – both internally […]

Email security, Phishing

Attack Campaign Experiments with Rapid Changes in Email Lure Content

February 22, 2019

Via: Dark Reading

It’s like polymorphic behavior – only the changes are in the email lures themselves, with randomized changes to headers, subject lines, and body content. A new email Trojan campaign spotted by security researchers has added another twist in evasive attacker […]

Email security, Phishing

Phishers’ new trick for bypassing email URL filters

February 20, 2019

Via: Help Net Security

Phishers have come up with another trick to make Office documents carrying malicious links undetectable by many e-mail security services: they delete the links from the document’s relationship file (xml.rels). The trick has been spotted being used in a email […]

Email security, Identity theft, Network security

Cybercriminals Exploit Gmail Feature to Scale Up Attacks

February 6, 2019

Via: Dark Reading

Criminals are taking advantage of Gmail’s ‘dots don’t matter’ feature to set up multiple fraudulent accounts on websites, using variations of the same email address, Agari says. Some cybercriminals are taking advantage of a long-standing feature in Google Gmail designed […]

Email security, Phishing

Employees report 23,000 phishing incidents annually, costing $4.3 million to investigate

February 1, 2019

Via: Help Net Security

Account takeover-based (ATO) attacks now comprise 20 percent of advanced email attacks, according to Agari’s Q1 2019 Email Fraud & Identity Deception Trends report. ATO attacks are dangerous because they are more difficult to detect than traditional attacks – compromised […]

Email security, Network security

DHS Warns Federal Agencies of DNS Hijacking Attacks

January 23, 2019

Via: Security Week

The U.S. Department of Homeland Security (DHS) on Tuesday issued an emergency directive instructing federal agencies to prevent and respond to DNS hijacking attacks. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has been tracking incidents involving DNS hijacking and […]