Security News

SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails
2024-01-03 10:42

A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security...

Integris Health patients get extortion emails after cyberattack
2023-12-26 20:03

Integris Health patients in Oklahoma are receiving blackmail emails stating that their data was stolen in a cyberattack on the healthcare network, and if they did not pay an extortion demand, the data would be sold to other threat actors. "INTEGRIS Health discovered potential unauthorized activity on certain systems," reads a data privacy notice on Integris Health's website.

Fake F5 BIG-IP zero-day warning emails push data wipers
2023-12-20 21:52

The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. In November, a new data wiper called BiBi Wiper was discovered that targeted both Linux and Windows devices and is believed to have been created by pro-Hamas hacktivists.

Cybercrooks book a stay in hotel email inboxes to trick staff into spilling credentials
2023-12-20 21:30

Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season. When the staff then responds by requesting more information, the attacker sends a message directing the staff to open a link that supposedly contains evidence supporting their claim.

Microsoft seizes websites used to sell phony email accounts to Scattered Spider and other crims
2023-12-14 21:54

Microsoft has taken down US-based infrastructure and websites used by a cybercrime group to sell fraudulent online accounts to other crooks including Scattered Spider, the infamous social-engineering and extortion crew that hacked two Las Vegas casinos over the summer. The gang, Storm-1152, is the "Number one seller and creator of fraudulent Microsoft accounts" and has listed for sale 750 million of these, according to Amy Hogan-Burney, Microsoft's associate general counsel for cybersecurity policy and protection.

Surprise! Email from personal.

information.reveal@gmail.com is not going to contain good news
2023-12-14 09:55

Karakurt, a particularly nasty extortion gang that uses "Extensive harassment" to pressure victims into handing over millions of dollars in ransom payments after compromising their IT infrastructure, pose a "Significant challenge" for network defenders, we're told. So to help organizations avoid getting caught by this crew, the FBI, and the US government's Cybersecurity and Infrastructure Security Agency, Treasury Department, and Financial Crimes Enforcement Network released an extensive list of vulnerabilities and methods the gang exploits and uses for initial access, the software tools they abuse to snoop around and steal data, and the payment wallets and even email addresses used in the group's extortion attacks.

BazarCall attacks abuse Google Forms to legitimize phishing emails
2023-12-13 20:34

A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate. BazarCall, first documented in 2021, is a phishing attack utilizing an email resembling a payment notification or subscription confirmation to security software, computer support, streaming platforms, and other well-known brands.

Microsoft: Outlook email sending issues for users with lots of folders
2023-12-08 18:46

Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders. While Microsoft is currently investigating this newly acknowledged issue, it also provided affected customers with some tips to workaround the email sending problems.

Microsoft fixes Outlook Desktop crashes when sending emails
2023-12-04 21:30

Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. The known issue only impacts Outlook for Microsoft 365 users and those in the Current Channel channel using Outlook build 17029.

Google Unveils RETVec - Gmail's New Defense Against Spam and Malicious Emails
2023-11-30 13:08

Google has revealed a new multilingual text vectorizer called RETVec (short for Resilient and Efficient Text Vectorizer) to help detect potentially harmful content such as spam and malicious...