Security News
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of...
Wing Security, a SaaS security company, announced yesterday that their SaaS shadow IT discovery methods now include a solution that solves for auto-email forwarding as well. Bad actors can use these email forwarding rules to exfiltrate data after a successful attack, or as a means to spread phishing campaigns within organizations.
In a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments. Outlook.com users impacted by this known issue are seeing "Error code 550 5.7.520 Message blocked" errors when trying to send emails.
Hilb Group has warned more than 81,000 people that around the start of 2023 criminals broke into the work email accounts of its employees and may have stolen a bunch of sensitive personal information. In a notification to the Maine Attorney General's office on Thursday, the biz said miscreants accessed people's first and last names and sensitive financial data and credentials.
The Clark County School District in Nevada is dealing with a potentially massive data breach, as hackers email parents their children's' data that was allegedly stolen during a recent cyberattack. "On approximately October 5, 2023, Clark County School District became aware of a cybersecurity incident impacting its email environment," reads a statement from the Clark County School District.
Humans are still better at crafting phishing emails compared to AI, but not by far and likely not for long, according to research conducted by IBM X-Force Red. Creating phishing emails: Humans vs. AI. The researchers wanted to see whether ChatGPT is as capable of writing a "Good" phishing email as attackers are.
Academic researchers created a new speculative side-channel attack they named iLeakage that works on all recent Apple devices and can extract sensitive information from the Safari web browser. [...]
The Winter Vivern cyber spy group is exploiting an XSS zero-day vulnerability in attacks on European governments. Researchers at ESET, who discovered the activity, didn't name the specific government entities it targeted but given Winter Vivern's nexus to Russia and Belarus, they are likely to be adversaries of those countries.
Their phishing messages impersonated the Outlook Team and tried to trick potential victims into opening malicious emails, automatically triggering a first-stage payload that exploited the Roundcube email server vulnerability. "The final JavaScript payload [.] is able to list folders and emails in the current Roundcube account, and to exfiltrate email messages to the C&C server."
Hacker Stephanie "Snow" Carruthers and her team found phishing emails written by security researchers saw a 3% better click rate than phishing emails written by ChatGPT. An IBM X-Force research project led by Chief People Hacker Stephanie "Snow" Carruthers showed that phishing emails written by humans have a 3% better click rate than phishing emails written by ChatGPT. The research project was performed at one global healthcare company based in Canada. In order to get ChatGPT to write an email that lured someone into clicking a malicious link, the IBM researchers had to prompt the LLM. They asked ChatGPT to draft a persuasive email taking into account the top areas of concern for employees in their industry, which in this case was healthcare.