Security News

Microsoft has disabled a bad anti-spam rule flooding Microsoft 365 admins' inboxes with blind carbon copies of outbound emails mistakenly flagged as spam. This false positive issue affected Exchange Online users worldwide, with many reports saying that all emails sent to external addresses were being tagged as spam.

In the wake of Google's announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. "These Domain Name Service email authentication records verify that you are the legitimate sender of your email and prevent spoofing and phishing attacks," Microsoft noted.

To keep Gmail users' inboxes "Safer and more spam-free", Google is introducing new requirements for bulk senders. "Last year we started requiring that emails sent to a Gmail address must have some form of authentication. And we've seen the number of unauthenticated messages Gmail users receive plummet by 75%, which has helped declutter inboxes while blocking billions of malicious messages with higher precision," said Neil Kumaran, group product manager, Gmail Security & Trust.

Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised. The emails were sent out last night, with customers reporting receiving three separate emails from Amazon Prime for each alleged gift card purchase.

Chinese snoops stole about 60,000 State Department emails when they broke into Microsoft-hosted Outlook and Exchange Online accounts belonging to US government officials over the summer. "No classified systems were hacked," said State Department spokesperson Matthew Miller during a press briefing Thursday.

Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May. During a recent Senate staff briefing, U.S. State Department officials disclosed that the attackers stole at least 60,000 emails from Outlook accounts belonging to State Department officials stationed in East Asia, the Pacific, and Europe, as Reuters first reported. Microsoft did not disclose specific details regarding the affected organizations, government agencies, or countries impacted by this email breach.

SAFE BROWSING. Use a modern, supported and up-to-date browser. Browsers will proactively warn users before accessing websites with expired security certificates or that are known to host malware.

Kosi Goodness Simon-Ebo, a 29-year-old Nigerian national extradited from Canada to the United States last April, pleaded guilty to wire fraud and money laundering through business email compromise. According to the plea agreement, the scammers had a high success ratio of roughly 1 to 7, making one million out of the almost seven million they attempted to steal.

Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego. It's called forwarding-based spoofing, and researchers found that they can send email messages impersonating these organizations, bypassing the safeguards deployed by email providers such as Gmail and Outlook.

Mistakes were made, lessons learned, stuff now fixed, says Windows maker Remember that internal super-secret Microsoft security key that China stole and used to break into US government email...