Security News

Conduct regular security training, especially with staff members who work with sensitive data and with executives who are often the targets of BEC. This should include live instruction, security awareness training videos and testing, and phishing simulation testing that use current, real-world attacks as examples. Finally, gamifying the cyber-aware culture by rewarding the employee with "Most reported emails" or the "Fastest reporter" promotes contributing to the overall security posture of the organization while keeping reporting engaging and fun.

Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. Affected customers will receive error messages stating, "Microsoft Outlook was not able to create a message with restricted permission" when trying to reply to messages using Microsoft encryption.

Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for...

Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. The LockBit Black encryptor deployed in these attacks is likely built using the LockBit 3.0 builder leaked by a disgruntled developer on Twitter in September 2022.

AT&T's email servers are blocking connections from Microsoft 365 due to a "High volume" spam wave originating from Microsoft's service. Starting on Monday, AT&T customers began reporting they could no longer receive email from Microsoft 365 email addresses.

The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance policies to mask spearphishing attacks. Together with the U.S. State Department, the two agencies cautioned that the attackers abuse misconfigured DMARC policies to send spoofed emails which appear to come from credible sources such as journalists, academics, and other experts in East Asian affairs.

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from...

While every organization across every vertical is at risk of advanced email attacks, certain industries periodically become the go-to target for threat actors. In this Help Net Security video, Mick Leach, Field CISO at Abnormal Security, discusses why the automotive industry is the new most popular target for business email compromise and vendor email compromise attacks.

56% of all 2023 claims were a result of funds transfer fraud or business email compromise, highlighting the importance of email security as a critical aspect of cyber risk management, according to Coalition. The 2024 Cyber Claims Report is based on reported claims data from January 1 to December 31, 2023.

Microsoft has announced plans to fight spam by imposing a daily Exchange Online bulk email limit of 2,000 external recipients starting January 2025.Exchange Online doesn't support sending bulk or high volumes of emails from a single account, and until now, Microsoft has not placed any restrictions on bulk emails.