Security News

Mil US military addresses were actually directed at. As a result of that one-character typo, medical data, identity documents, maps of military installations, travel itineraries, bookings for high-ranking military leaders, and more have been fired off at.

Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. Additional details about the flaw are currently unavailable.

An unnamed Federal Civilian Executive Branch agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft's discovery of a new China-linked espionage campaign targeting two dozen organizations. The details come from a joint cybersecurity advisory released by the U.S. Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation on July 12, 2023.

A Chinese hacking group has breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies, according to Microsoft. "Microsoft investigations determined that Storm-0558 gained access to customer email accounts using Outlook Web Access in Exchange Online and Outlook.com by forging authentication tokens to access user email," Microsoft said in a blog post published late Tuesday evening.

Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account consumer signing key, the company has revealed on Tuesday. "The threat actor Microsoft links to this incident is an adversary based in China that Microsoft calls Storm-0558. We assess this adversary is focused on espionage, such as gaining access to email systems for intelligence collection."

While the number of new ransomware variants continues to decline, ransomware attacks' severity remains significant. In the first half of 2023 alone, the number of email-based phishing attacks has surged 464% when compared to 2022.

Email and network security firm Barracuda is working to fix an ongoing issue that triggers invalid login errors and prevents Email Gateway Defense users from signing into their accounts. "We are investigating login problems seen by users and have identified the problem. We are working on fixing the issue with a tentative timeline for the fix to be released on or before July 14th," Barracuda says.

Microsoft is investigating an ongoing issue preventing Outlook.com users from searching their emails and triggering 401 exception errors. "Our initial review of Outlook.com server logs, in parallel with HTTP Archive format logs captured during an internal reproduction of impact, indicates 401 errors are occurring due to an exception when users attempt to perform the search," Microsoft says on the service health portal.

Attackers use various tactics to access sensitive information, such as email account compromise and using a legitimate email address to initiate the attack. In a more insidious attack, an attacker may compromise an existing employee's email account from the inside.

Only 3.54% of of insurance companies have correctly implemented basic phishing and spoofing protection, according to EasyDMARC. DMARC standard adoption. The survey reviewed the deployment of the Domain-based Message Authentication, Reporting and Conformance standard among the domains of insurance companies.