Security News

NSA warns of North Korean hackers exploiting weak DMARC email policies
2024-05-03 19:16

The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance policies to mask spearphishing attacks. Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East Asian affairs.

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge
2024-02-16 06:00

As Gmail and Yahoo take steps to enforce stricter email authentication, organizations that are proactive in their DMARC compliance will not only enhance their security posture but also gain a significant advantage: improved email deliverability translates into better engagement rates, bolstering sales and revenue. Thus, DMARC compliance is not merely about meeting a standard but seizing an opportunity to stand out in a crowded digital marketplace.

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC
2023-10-09 10:27

In the wake of Google's announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. "These Domain Name Service email authentication records verify that you are the legitimate sender of your email and prevent spoofing and phishing attacks," Microsoft noted.

Implementing DMARC to eliminate phishing emails
2021-10-28 05:00

Phishers readily deploy attacks, with the average phishing campaign lasting only 12 minutes, according to Google, which reports blocking 100 million phishing emails per day. Implementing DMARC eliminates the most common attack vector - phishing emails - and adds another layer of protection.

How Does DMARC Prevent Phishing?
2021-09-27 04:21

DMARC is a global standard for email authentication. Recipients can detect phishing emails sent from a spoofed company domain by examining the email header information, such as the "From:" address and "Return-path" address, and verifying that they match.

DMARC: The First Line of Defense Against Ransomware
2021-06-28 02:47

Wouldn't it be nice if you could prevent a ransomware attack from occurring in the first place? DMARC can make this seemingly impossible claim a possibility for domain owners! DMARC is also known as the first line of defense against Ransomware.

Only 14% of domains worldwide truly protected from spoofing with DMARC enforcement
2021-03-23 05:00

While the DMARC enforcement rate increases, 3 billion messages per day are still spoofing the sender's identity, Valimail reveals. DMARC protected domains: Key findings Three billion messages per day are spoofing the sender identity used in their "From" fields.

How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain
2020-12-07 02:47

DMARC enforces the use of a combination ofSPF andDKIM email authentication technologies to ensure only real emails are delivered to the end receivers. Without DMARC, all emails sent from the email domain of your business reaches the receiver's inbox without any security check or validation.

Airline DMARC Policies Lag, Opening Flyers to Email Fraud
2020-08-19 13:04

More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. "Overall, major global carriers are failing to implement adequate email protection - leaving themselves open to phishing, impersonation attacks and other unauthorized use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals," according to Adenike Cosgrove with Proofpoint in a Tuesday report.

Week in review: PoC for wormable SharePoint RCE released, how to select a DMARC solution
2020-07-26 08:00

Details and PoC for critical SharePoint RCE flaw releasedA "Wormable" remote code execution flaw in the Windows DNS Server service temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, a RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix. Microsoft releases new encryption, data security enterprise toolsMicrosoft has released several new enterprise security offerings to help companies meet the challenges of remote work.