Security News

More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. "Overall, major global carriers are failing to implement adequate email protection - leaving themselves open to phishing, impersonation attacks and other unauthorized use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals," according to Adenike Cosgrove with Proofpoint in a Tuesday report.

Details and PoC for critical SharePoint RCE flaw released: A "wormable" remote code execution flaw in the Windows DNS Server service temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, an RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix.

Microsoft releases new encryption, data security enterprise tools: Microsoft has released several new enterprise security offerings to help companies meet the challenges of remote work.

To select a suitable DMARC solution for your business, you need to think about a variety of factors. API integration with the DMARC solution will allow you to tie the solution into your enterprise reporting and analysis tools.

Adoption of the email security protocol DMARC has continued to tick upwards, with the number of domains deploying DMARC records surpassing 1 million in the last two years - a 2.5 times greater total than in 2018. According to Tessian, among the 60 percent of universities that do have DMARC in place, the DMARC policies have not been set up to quarantine or outright reject any emails from unauthorized senders using their domains.

A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC. The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn't done. "This ensured that the email wasn't caught in the bulk email filters provided by native Microsoft email security or the Secure Email Gateway."

April is a time for tax-related phishing scams, and we haven't been let down this year despite the dominance of COVID-19-themed phishing campaigns. Security firm Abnormal Security discovered a phishing email giving a single day for the recipient to respond and claim an outstanding tax rebate from HMRC for '550.11 GBP'. The email contains an obfuscated link to a webpage masquerading as a Gov.uk page.

Nearly one million domains use DMARC, but only 13% of them are configured to actually prevent email spoofing, according to a report published this week by anti-phishing solutions provider Valimail. DMARC is an email authentication, policy, and reporting protocol designed to detect and prevent email spoofing.

As of January 2020, nearly 1 million domains have published DMARC records - an increase of 70% compared to last year, and more than 180% growth in the last two years. Just 13% of all DMARC records are configured with enforcement policies, demonstrating that interest in DMARC is increasing but DMARC expertise is not keeping pace.

In a new study on DMARC usage and success, email cybersecurity company Valimail found that spoof attempts drop to nearly zero "within a few months after that domain moves to DMARC enforcement." There has been a steady increase in organizations using Domain-based Message Authentication, Reporting, and Conformance (DMARC) as a security measure against domain spoofing, but enforcement continues to be the main struggle for most enterprises. Nearly 80 percent of US federal government domains have DMARC records and of those 93%. These high numbers are due mostly to a Department of Homeland Security directive in 2017 mandating DMARC at enforcement for most executive branch domains by January 2018.

DMARC can prevent spammers from using a trusted domain name to send junk mail, a useful tactic for the presidential campaigns and for your organization, according to security provider Valimail.