Security News

Emails between leading pro-Brexit figures in the UK have seemingly been stolen and leaked online by what could be a Kremlin cyberespionage team. The emails were uploaded to a.co.uk website titled "Very English Coop d'Etat," Reuters first reported this week.

HP's cybersecurity folks have uncovered an email campaign that ticks all the boxes: messages with a PDF attached that embeds a Word document that upon opening infects the victim's Windows PC with malware by exploiting a four-year-old code-execution vulnerability in Microsoft Office. Booby-trapping a PDF with a malicious Word document goes against the norm of the past 10 years, according to the HP Wolf Security researchers.

Email was revealed as the riskiest channel for data loss in organizations, as stated by 65% of IT security practitioners. User-created data, regulated data, and intellectual property were identified as the three types of data that are most difficult to protect from data loss.

Security consultant Lance Vick recently acquired the expired domain used by the maintainer of a widely used NPM package to remind the JavaScript community that the NPM Registry still hasn't implemented adequate security. Vick acquired the lapsed domain that had been used by the maintainer to create an NPM account and is associated with the "Foreach" package on NPM. But he said he didn't follow through with resetting the password on the email account tied to the "Foreach" package, which is fetched nearly six million times a week.

The United Kingdom's National Cyber Security Centre has announced a new email security check service to help organizations identify vulnerabilities that could allow attackers to spoof emails or lead to email privacy breaches. The government agency, which leads the UK's cyber security mission, says the Email Security Check tool requires no sign-ups or personal details.

The FBI warned the global cost of business email compromise attacks is $43 billion for the time period of June 2016 and December 2021. BEC or email account compromise are an advanced scamming technique that targets both employees and business and the businesses they work for.

The server keeps track of every time this "Image" is opened and by which IP address. This quirk of internet history means that marketers can track exactly when you open an email and your IP address, which can be used to roughly work out your location.

FBI: $43 billion in losses are due to Business Email Compromise fraud between 2016 and 2021. The Federal Bureau of Investigation released an alert that said there has been a 65% increase in identified global exposed losses from Business Email Compromise fraud, also known as Email Account Compromise.

A phishing operation compromised over one hundred UK National Health Service employees' Microsoft Exchange email accounts for credential harvesting purposes, according to email security shop Inky. During the phishing campaign, which began in October 2021 and spiked in March 2022, the email security firm detected 1,157 phishing emails originating from NHSMail accounts that belonged to 139 NHS employees in England and Scotland.

For about half a year, work email accounts belonging to over 100 employees of the National Health System in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. Attackers started using legitimate NHS email accounts in October last year after hijacking them and continued to use them in phishing activity through at least April 2022.