Security News

Hotmail users worldwide have problems sending emails, with messages flagged as spam or not delivered after Microsoft misconfigured the domain's DNS SPF record. The email issues began late last night, with users and admins reporting on Reddit, Twitter, and Microsoft forums that their Hotmail emails were failing due to SPF validation errors.

A new "Mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations. "Initially, the target receives an email with a phishing page in the attached HTML file," ESET researcher Viktor Šperka said in a report.

An ongoing phishing campaign has been underway since at least April 2023 that attempts to steal credentials for Zimbra Collaboration email servers worldwide. According to the ESET researchers, the attacks start with a phishing email pretending to be from an organization's admin informing users of an imminent email server update, which will result in temporary account deactivation.

ImmuniWeb Community Edition: Introducing free email security test. To help companies and organizations to quickly assess their exposure to email-related security, privacy and compliance risks, ImmuniWeb has recently enhanced its Community Edition with a free email security test available online.

Infosec in brief The July breach of Microsoft Exchange Online by suspected Chinese hackers is the next topic up for review by the Department of Homeland Security's Cyber Safety Review Board. The decision to investigate the July Outlook intrusion, and cloud security more broadly, was welcomed by senator Ron Wyden, who last week blamed Microsoft for its failure to protect cloud accounts belonging to US government officials and called for the CSRB to investigate the incident.

The Knight ransomware is being distributed in an ongoing spam campaign that pretends to be TripAdvisor complaints. Knight ransomware is a recent rebrand of the Cyclop Ransomware-as-a-Service, which switched its name at the end of July 2023.

The Department of Homeland Security's Cyber Safety Review Board has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies. In mid-July 2023, Microsoft reported that a Chinese hacking group tracked as 'Storm-0558' breached the email accounts of 25 organizations, including US and Western European government agencies, using forged authentication tokens from a stolen Microsoft consumer signing key.

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. What makes the attack notable is that the phishing kit is hosted as a game under the Facebook apps platform using the domain apps.

As a result of growing access to easy-to-use generative AI tools such as OpenAI's ChatGPT, malicious actors can now attempt more sophisticated attacks with alarming simplicity and regularity. Email continued to be the main vector for delivering malicious content, with as many as 1 in every 100 emails sent in the first half of 2023 found to be malicious.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday disclosed details of a "Novel persistent backdoor" called SUBMARINE deployed by threat actors in connection with the hack on Barracuda Email Security Gateway appliances. The findings come from an analysis of malware samples obtained from an unnamed organization that had been compromised by threat actors exploiting a critical flaw in ESG devices, CVE-2023-2868, which allows for remote command injection.