Security News

The Federal Bureau of Investigation said today that the amount of money lost to business email compromise scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. Victims reported losses of almost $2.4 billion in 2021, based on 19,954 recorded complaints linked to BEC attacks targeting individuals and businesses.

Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users. According to a report from email security firm Avanan, there has been a sudden uptick in threat actors abusing Google's SMTP relay service starting in April 2022.

A newly discovered and uncommonly stealthy Advanced Persistent Threat group is breaching corporate networks to steal Exchange emails from employees involved in corporate transactions such as mergers and acquisitions. Mandiant researchers, who discovered the threat actor and now track it as UNC3524, say the group has demonstrated its "Advanced" capabilities as it maintained access to its victims' environments for more than 18 months.

A newly discovered and uncommonly stealthy Advanced Persistent Threat group is breaching corporate networks to steal Exchange emails from employees involved in corporate transactions such as mergers and acquisitions. "Once UNC3524 successfully obtained privileged credentials to the victim's mail environment, they began making Exchange Web Services API requests to either the on-premises Microsoft Exchange or Microsoft 365 Exchange Online environment," Mandiant said.

Security analysts have uncovered a recent phishing campaign from Russian hackers known as APT29 targeting diplomats and government entities. In a new campaign spotted by threat analysts at Mandiant, APT29 is targeting diplomats and various government agencies through multiple phishing campaigns.

Although it had previously been foiled by a global law enforcement effort, it looks like Emotet malware has returned behind a new campaign. New findings from cybersecurity company Check Point show that Emotet has reemerged since November 2021 as the most prevalent form of malware through an aggressive email drive using Easter themed phishing scams to distribute the botnet.

Echoworx's release of a commissioned study conducted on their behalf by Forrester Consulting reveals the evolution of email security strategies and the importance of user experience. Echoworx provides email encryption solutions that are smarter and more adaptive.

An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client," SonarSource security researcher Simon Scannell said in a report published this week.

On overwhelming number of security teams believe their email security systems to be ineffective against the most serious inbound threats, including ransomware. "Security team managers are most concerned that current email security solutions do not block serious inbound threats, which requires time for response and remediation by the security team before dangerous threats are triggered by users," according to the report, released Wednesday.

This WordPress plugin protects the emails displayed on your website We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. You can still display email addresses according to custom preferences, with control over fonts, colors and more, but you'll ensure that criminal data mining misses those emails when trawling the web.