Security News

The Australian Federal Police arrested a woman in Werrington, Sydney, for allegedly email bombing the office of a Federal Member of Parliament. Email bombing is an online attack where attackers bombard an email address with thousands of emails to overwhelm a recipient's inbox or mail server.

Google continued its client-side encryption rollout, the feature generally available to some Gmail and Calendar users who can now send and receive encrypted messages and meeting invites. It follows a client-side encryption beta program for these same enterprise and education users that Google launched late last year.

BEC attacks have become increasingly prevalent in recent years, with cybercriminals using a variety of tactics to gain access to sensitive information and steal money from businesses. While many people may assume that these attacks are primarily an English language phenomenon, the truth is that they can occur in multiple languages.

A hole in a Department of Defense email server operated by Microsoft left more than a terabyte of sensitive data exposed less than a month after Office 365 was awarded a higher level of US government security accreditation. According to security researcher Anurag Sen, who discovered the issue and shared it, the openly accessible server was part of an internal mailbox system hosted on Azure Government Cloud and used by the DoD for a variety of purposes - including the processing of security clearance paperwork.

According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken. This ongoing issue was confirmed by countless Outlook users who have reported that all messages were landing in their inboxes, even those that would have been previously tagged as spam and sent to the junk folder.

In a preprint paper titled, "Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy," scheduled to appear at the 8th IEEE European Symposium on Security and Privacy in July, authors Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey Voelker, and Stefan Savage show that email messages can be easily spoofed despite the existence of supposed defenses. The researchers, affiliated with UC San Diego and Stanford University in the US, and University of Twente in the Netherlands, reveal that attackers can still easily take advantage of security issues arising from email forwarding.

Domain registrar Namecheap blamed a "Third-party provider" that sends its newsletters after customers complained of receiving phishing emails from Namecheap's system. More than one customer noted that the emails - which purported to be from DHL and crypto-asset wallet provider MetaMask - were digitally signed with DKIM and received at distinct emails they'd assigned solely for comms with Namecheap.

A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet's secret recovery phrase. The emails look like they were sent by Namecheap, prompting recipients to complain to the company, which then started an investigation and soon after reacted by stopping all the emails.

Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets. The phishing campaigns started around 4:30 PM ET and originated from SendGrid, an email platform used historically by Namecheap to send renewal notices and marketing emails.

75% of the organizations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1 million for their most expensive attack, according to a new Barracuda Networks report. 23% said that the cost of email attacks has risen dramatically over the last year.