Security News

Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
2022-03-16 04:00

A phishing campaign used the guise of Instagram technical support to steal login credentials from employees of a prominent U.S. life insurance company headquartered in New York, researchers have revealed. According to a report published by Armorblox on Wednesday, the attack combined brand impersonation with social engineering and managed to bypass Google's email security by using a valid domain name, eventually reaching the mailboxes of hundreds of employees.

Qakbot Botnet Sprouts Fangs, Injects Malware into Email Threads
2022-03-10 13:00

The Qakbot botnet is getting more dangerous, sinking its fangs into email threads and injecting malicious modules to pump up the core botnet's powers. On Thursday, Sophos published a deep dive into the botnet, describing how researchers have recently seen it spreading through email thread hijacking - an attack in which malware operators malspam replies to ongoing email threads.

Reg reader rages over Virgin Media's email password policy
2022-03-10 10:29

A Register reader has raised concerns over UK ISP Virgin Media's password policies after discovering he couldn't set a password longer than 10 characters or one that includes non-alphanumeric characters. "I am having a running battle with a hacker who is able to crack a 10-character password used for Virgin or Virginmedia email in less than a day," Nick complained, saying the attacker was setting up auto-forward rules to divert his emails as well as being able to guess newly reset passwords within a day.

Chinese hackers attempted phishing on emails affiliated with US government
2022-03-09 20:48

According to Google's Threat Analysis Group, multiple Gmail users affiliated with the U.S. government were alerted to an attempted phishing attack by a Chinese-backed hacking group noted as APT31 in February.

9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software
2022-02-28 20:24

Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. "This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization," SonarSource vulnerability researcher, Simon Scannell, said in a report.

How prepared are organizations to face email-based ransomware attacks?
2022-02-28 05:00

The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organizations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks, reflecting cybercriminals' continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities. In line with this, 68% of organizations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit.

How to create an email alert for SSH logins
2022-02-23 18:59

Your first question might be "Why would you need to do this?" As I said, I do a lot of testing, so I have several Linux servers on a LAN that need to be able to send out emails.

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails
2022-02-18 22:09

Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance that could result in a denial-of-service condition on an affected device. The weakness, assigned the identifier CVE-2022-20653, stems from a case of insufficient error handling in DNS name resolution that could be abused by an unauthenticated, remote attacker to send a specially crafted email message and cause a DoS. "A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition," the company said in an advisory.

Hackers can crash Cisco Secure Email gateways using malicious emails
2022-02-17 16:26

Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages. The security flaw was found in DNS-based Authentication of Named Entities, a Cisco AsyncOS Software component used by Cisco Secure Email to check emails for spam, phishing, malware, and other threats.
