Security News

Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets. The phishing campaigns started around 4:30 PM ET and originated from SendGrid, an email platform used historically by Namecheap to send renewal notices and marketing emails.

75% of the organizations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1 million for their most expensive attack, according to a new Barracuda Networks report. 23% said that the cost of email attacks has risen dramatically over the last year.

Between July-December 2022, the median open rate for text-based business email compromise attacks was nearly 28%, according to Abnormal Security. "Human beings are relatively easy to manipulate, and employers' expectations regarding the ability of the average employee to identify these modern attacks are far too high. It is much safer to prevent a threat from reaching an employee's inbox than to rely on them to try to detect these sophisticated attacks on their own," Hassold continued.

Money Lover is a finance app allowing users to manage their expenses and budgets that has been downloaded five million times on the Play Store, with the app also available for iOS and Windows. Money Lover allows users to create "Shared wallets" with specific users, like family members or coworkers, to log transactions to collaborate in expense logging and monitoring.

Microsoft is investigating and working on addressing an ongoing outage affecting the company's Outlook webmail service. According to information shared via the company's Microsoft 365 Status Twitter account, Redmond is performing targeted restarts to portions of the infrastructure impacted by a recent change.

Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email.On top of that, Microsoft said it implemented additional security measures to improve the vetting process associated with the Microsoft Cloud Partner Program and minimize the potential for fraud in the future.

Malicious third-party OAuth apps with an evident "Publisher identity verified" badge have been used by unknown attackers to target organizations in the UK and Ireland, Microsoft has shared. Targets in these organizations who have fallen for the trick effectively allowed these rogue apps to access to their O365 email accounts and infiltrate organizations' cloud environments.

All company communication needs may vary but certain standard template messages can come in handy for IT staff to keep employees up to date on "Need to know" informational bulletins. A formal set of message templates will allow you to deliver both event-based and proactive communications, which ensures that everyone is up to speed on critical developments, projects and company policies.

For organizations, deciding what email encryption solution to use is often not so simple and, generally speaking, there is no single correct answer. Best-effort opportunistic encryption methods such as Outlook Message Encryption and various third-party solutions have the benefit of being easy to use.

GPT-3 language models are being abused to do much more than write college essays, according to WithSecure researchers. Perhaps unsurprisingly, GPT-3 proved to be helpful at crafting a convincing email thread to use in a phishing campaign and social media posts, complete with hashtags, to harass a made-up CEO of a robotics company.