Security News

Email was revealed as the riskiest channel for data loss in organizations, as stated by 65% of IT security practitioners. User-created data, regulated data, and intellectual property were identified as the three types of data that are most difficult to protect from data loss.

Security consultant Lance Vick recently acquired the expired domain used by the maintainer of a widely used NPM package to remind the JavaScript community that the NPM Registry still hasn't implemented adequate security. Vick acquired the lapsed domain that had been used by the maintainer to create an NPM account and is associated with the "Foreach" package on NPM. But he said he didn't follow through with resetting the password on the email account tied to the "Foreach" package, which is fetched nearly six million times a week.

The United Kingdom's National Cyber Security Centre has announced a new email security check service to help organizations identify vulnerabilities that could allow attackers to spoof emails or lead to email privacy breaches. The government agency, which leads the UK's cyber security mission, says the Email Security Check tool requires no sign-ups or personal details.

The FBI warned the global cost of business email compromise attacks is $43 billion for the time period of June 2016 and December 2021. BEC or email account compromise are an advanced scamming technique that targets both employees and business and the businesses they work for.

The server keeps track of every time this "Image" is opened and by which IP address. This quirk of internet history means that marketers can track exactly when you open an email and your IP address, which can be used to roughly work out your location.

FBI: $43 billion in losses are due to Business Email Compromise fraud between 2016 and 2021. The Federal Bureau of Investigation released an alert that said there has been a 65% increase in identified global exposed losses from Business Email Compromise fraud, also known as Email Account Compromise.

A phishing operation compromised over one hundred UK National Health Service employees' Microsoft Exchange email accounts for credential harvesting purposes, according to email security shop Inky. During the phishing campaign, which began in October 2021 and spiked in March 2022, the email security firm detected 1,157 phishing emails originating from NHSMail accounts that belonged to 139 NHS employees in England and Scotland.

For about half a year, work email accounts belonging to over 100 employees of the National Health System in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. Attackers started using legitimate NHS email accounts in October last year after hijacking them and continued to use them in phishing activity through at least April 2022.

The Federal Bureau of Investigation said today that the amount of money lost to business email compromise scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. Victims reported losses of almost $2.4 billion in 2021, based on 19,954 recorded complaints linked to BEC attacks targeting individuals and businesses.

Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users. According to a report from email security firm Avanan, there has been a sudden uptick in threat actors abusing Google's SMTP relay service starting in April 2022.