Security News

BEC attacks have become increasingly prevalent in recent years, with cybercriminals using a variety of tactics to gain access to sensitive information and steal money from businesses. While many people may assume that these attacks are primarily an English language phenomenon, the truth is that they can occur in multiple languages.

A hole in a Department of Defense email server operated by Microsoft left more than a terabyte of sensitive data exposed less than a month after Office 365 was awarded a higher level of US government security accreditation. According to security researcher Anurag Sen, who discovered the issue and shared it, the openly accessible server was part of an internal mailbox system hosted on Azure Government Cloud and used by the DoD for a variety of purposes - including the processing of security clearance paperwork.

According to reports from an increasing number of Microsoft customers, Outlook inboxes have been flooded with spam emails over the last nine hours because email spam filters are currently broken. This ongoing issue was confirmed by countless Outlook users who have reported that all messages were landing in their inboxes, even those that would have been previously tagged as spam and sent to the junk folder.

In a preprint paper titled, "Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy," scheduled to appear at the 8th IEEE European Symposium on Security and Privacy in July, authors Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey Voelker, and Stefan Savage show that email messages can be easily spoofed despite the existence of supposed defenses. The researchers, affiliated with UC San Diego and Stanford University in the US, and University of Twente in the Netherlands, reveal that attackers can still easily take advantage of security issues arising from email forwarding.

Domain registrar Namecheap blamed a "Third-party provider" that sends its newsletters after customers complained of receiving phishing emails from Namecheap's system. More than one customer noted that the emails - which purported to be from DHL and crypto-asset wallet provider MetaMask - were digitally signed with DKIM and received at distinct emails they'd assigned solely for comms with Namecheap.

A surge of phishing emails impersonating DHL and MetaMask have started hitting inboxes of Namecheap customers last week, attempting to trick recipients into sharing personal information or sharing their crypto wallet's secret recovery phrase. The emails look like they were sent by Namecheap, prompting recipients to complain to the company, which then started an investigation and soon after reacted by stopping all the emails.

Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets. The phishing campaigns started around 4:30 PM ET and originated from SendGrid, an email platform used historically by Namecheap to send renewal notices and marketing emails.

75% of the organizations had fallen victim to at least one successful email attack in the last 12 months, with those affected facing average potential costs of more than $1 million for their most expensive attack, according to a new Barracuda Networks report. 23% said that the cost of email attacks has risen dramatically over the last year.

Between July-December 2022, the median open rate for text-based business email compromise attacks was nearly 28%, according to Abnormal Security. "Human beings are relatively easy to manipulate, and employers' expectations regarding the ability of the average employee to identify these modern attacks are far too high. It is much safer to prevent a threat from reaching an employee's inbox than to rely on them to try to detect these sophisticated attacks on their own," Hassold continued.

Money Lover is a finance app allowing users to manage their expenses and budgets that has been downloaded five million times on the Play Store, with the app also available for iOS and Windows. Money Lover allows users to create "Shared wallets" with specific users, like family members or coworkers, to log transactions to collaborate in expense logging and monitoring.