Security News

Facebook appears to have silently rolled out a tool that allows users to remove their contact information, such as phone numbers and email addresses, uploaded by others. When users sync the contact lists on their devices with Facebook, it's worth pointing out the privacy violation, which stems from the fact that those contacts didn't explicitly consent to the upload. "Someone may have uploaded their address book to Facebook, Messenger or Instagram with your contact information in it," Facebook notes in the page.

It's only a week since Elon Musk's take-private of Twitter on 28 October 2022. There's been plenty to set the fur flying, starting with Musk's curious choice of metaphor in arriving at Twitter HQ on takeover day with a kitchen sink, as though the company's products and services were already so close to complete that they needed nothing more than the aforementioned dishwashing receptacle to finish things off.

The cybercrime gang's business email compromise campaign is targeting marks in the US, Europe, Australia, and the Middle East using blind third-party impersonation tactics, via email addresses hosted on domains that closely resemble the firms' real domains, and sending emails that include the actual address and VAT number of the impersonated companies. The emails look real and if the targets were to search Google for the lawyers' or law firms' names, they would seem legitimate.

Following Musk's tweets, BleepingComputer observed newer phishing campaigns emerging with threat actors now targeting verified accounts. Like many phishing emails, these emails convey a false sense of urgency, urging the user to sign-in to their Twitter account or risk "Suspension."

In a business email compromise, generally, the attacker uses emails and social engineering techniques to have one person with financial power in a company transfer money to a bank account the attacker owns. BEC detection and blocking based on email characteristics.

Iran's Atomic Energy Organization has laughed off claims that the email systems of a subsidiary were compromised, revealing important operational data about a nuclear power plant. An activist group that calls itself Black Reward and claims to be from Iran took to Telegram last Friday with claims it had accessed an email server run by a company related to Iran's Atomic Energy Organization and exfiltrated 324 inboxes comprising over 100,000 messages and totalling over 50G of files.

Microsoft said today that some of its customers' sensitive information was exposed by a misconfigured Microsoft server accessible over the Internet. "This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," the company revealed.

New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm. Office 365 Message Encryption is a security mechanism used to send and receive encrypted email messages between users inside and outside an organization without revealing anything about the communications themselves.

On Thursday, a Puerto Rico judge sentenced a former University of Puerto Rico student to 13 months in prison for hacking over a dozen email and Snapchat accounts of female colleagues. Besides targeting dozens of student email accounts, he successfully hacked into multiple university email accounts and collected personal information in spoofing and phishing attacks.

WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption that could be exploited by attackers to obtain sensitive information. OME, which is used by organizations to send encrypted emails internally and externally, utilizes the Electronic Codebook implementation - a mode of operation known to leak certain structural information about messages.