Security News

How to digitally sign email in Apple Mail
2021-10-21 14:56

Digitally signing an email might not be a singular means to a secure end, but it can at least help recipients of your email better trust the missives you send them. Some email clients make digitally signing easier than others.

NHS Digital exposes hundreds of email addresses after BCC blunder copies in entire invite list to 'Let's talk cyber' event
2021-10-20 11:28

NHS Digital has scored a classic Mail All own-goal by dispatching not one, not two, not three, but four emails concerning an infosec breakfast briefing, each time copying the entirety of the invite list in on the messages. The first email sent yesterday morning thanked participants for "Registering for NHS Digital's Full Digital Breakfast: Let's talk cyber, scheduled for Thursday 21 October 2021, 8:00-9:00am."

A New Variant of FlawedGrace Spreading Through Mass Email Campaigns
2021-10-19 21:12

Cybersecurity researchers on Tuesday took the wraps off a mass volume email attack staged by a prolific cybercriminal gang affecting a wide range of industries, with one of its region-specific operations notably targeting Germany and Austria. Enterprise security firm Proofpoint tied the malware campaign with high confidence to TA505, which is the name assigned to the financially motivated threat group that's been active in the cybercrime business since at least 2014, and is behind the infamous Dridex banking trojan and other arsenals of malicious tools such as FlawedAmmyy, FlawedGrace, Neutrino botnet, and Locky ransomware, among others.

Email phishing crapcannon operators TA505 are back from the dead, researchers warn
2021-10-19 17:15

A prolific email phishing threat actor - TA505 - is back from the dead, according to enterprise security software slinger Proofpoint. TA505, which was last active in 2020, restarted its mass emailing campaigns in September - armed with new malware loaders and a RAT. "Many of the campaigns, especially the large volume ones, strongly resemble the historic TA505 activity from 2019 and 2020," said Proofpoint in a statement today.

3D printing site Thingiverse suffers breach of 228,000 email addresses amid sluggish disclosure
2021-10-14 16:03

Thingiverse, a site that hosts free-to-use 3D printer designs, has suffered a data breach - and at least 228,000 unlucky users' email addresses have been circulating on black-hat crime forums. News of the breach came from Have I Been Pwned, whose maintainer Troy Hunt uploaded the 228,000 breached email addresses to the site after being tipped off to their circulation on the forums.

Schools email marketing company told us to go away when we told them of exposed database creds, say infoseccers
2021-10-12 09:15

An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website. Not only that, but the Schools Marketing Company seemingly dismissed the findings of the infosec company which spotted the flaw when the infoseccers tried to draw its attention to the problem.

Twitch Leak Included Emails, Password: Researcher
2021-10-07 20:25

It's a horrific leak that included the Amazon-owned service's source code, comments dating back to the dawn of Twitch time, security tools, an unreleased Amazon Game Studios competitor to Steam, a list of of the highest-paid channels plus how much they were paid, and more. On Wednesday, Twitch disclosed that "Some data" was exposed to the internet due to "An error in a Twitch server configuration change that was subsequently accessed by a malicious third party." It said that its teams were urgently investigating, but that it hadn't found any evidence that login credentials had been exposed.

Credential Spear-Phishing Uses Spoofed Zix Encrypted Email
2021-09-28 10:00

Armorblox researchers have spotted an ongoing credential-phishing attack that spoofs an encrypted Zix email - one coming, weirdly enough, from what looks like a legitimate domain associated with the Baptist religion. God isn't sending encrypted Zix messages: If hapless users click on the spoofed email's link, it will try to download a presumably unholy HTML file onto their system.

Emails, chat logs, more leaked online from far-right militia linked to US Capitol riot
2021-09-28 06:17

FBI accused of withholding ransomware key as part of REvil probe. The FBI had obtained a key to undo a flood of ransomware infections but sat on it for a while in an attempt to strike at the malware operators, it's claimed.

Google apologizes for scaring Cloud users with 'past due' emails
2021-09-24 18:57

Google has apologized for a wave of emails warning Google Cloud Platform, Firebase, or API customers that their accounts may be suspended for a past due balance. Users began receiving these emails on September 22nd, which warned that their account was "Past due or does not have valid payment information".