Security News

Microsoft's Security Intelligence team recently investigated a business email compromise attack and found that attackers move rapidly, with some steps taking mere minutes. BEC attacks are a type of cyberattack where the attacker gains access to an email account of the target organization through phishing, social engineering, or buying account credentials on the dark web.

The Sandbox blockchain game is warnings its community that a security incident caused some users to receive fraudulent emails impersonating the game, trying to infect them with malware. The Sandbox is a blockchain-based open-world multiplayer game with over 350,000 active monthly users, offering them ways to build, own, and monetize interactive content like virtual worlds, items, and experiences.

The Australian Federal Police arrested a woman in Werrington, Sydney, for allegedly email bombing the office of a Federal Member of Parliament. Email bombing is an online attack where attackers bombard an email address with thousands of emails to overwhelm a recipient's inbox or mail server.

Google continued its client-side encryption rollout, the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites. It follows a client-side encryption beta program for these same enterprise and education users that Google launched late last year.

BEC attacks have become increasingly prevalent in recent years, with cybercriminals using a variety of tactics to gain access to sensitive information and steal money from businesses. While many people may assume that these attacks are primarily an English language phenomenon, the truth is that they can occur in multiple languages.

A hole in a Department of Defense email server operated by Microsoft left more than a terabyte of sensitive data exposed less than a month after Office 365 was awarded a higher level of US government security accreditation. According to security researcher Anurag Sen, who discovered the issue and shared it, the openly accessible server was part of an internal mailbox system hosted on Azure Government Cloud and used by the DoD for a variety of purposes - including the processing of security clearance paperwork.

According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken. This ongoing issue was confirmed by countless Outlook users who have reported that all messages were landing in their inboxes, even those that would have been previously tagged as spam and sent to the junk folder.

In a preprint paper titled, "Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy," scheduled to appear at the 8th IEEE European Symposium on Security and Privacy in July, authors Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey Voelker, and Stefan Savage show that email messages can be easily spoofed despite the existence of supposed defenses. The researchers, affiliated with UC San Diego and Stanford University in the US, and University of Twente in the Netherlands, reveal that attackers can still easily take advantage of security issues arising from email forwarding.

Domain registrar Namecheap blamed a "Third-party provider" that sends its newsletters after customers complained of receiving phishing emails from Namecheap's system. More than one customer noted that the emails - which purported to be from DHL and crypto-asset wallet provider MetaMask - were digitally signed with DKIM and received at distinct emails they'd assigned solely for comms with Namecheap.

A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet's secret recovery phrase. The emails look like they were sent by Namecheap, prompting recipients to complain to the company, which then started an investigation and soon after reacted by stopping all the emails.