Security News

Reg reader rages over Virgin Media's email password policy
2022-03-10 10:29

A Register reader has raised concerns over UK ISP Virgin Media's password policies after discovering he couldn't set a password longer than 10 characters or one that includes non-alphanumeric characters. "I am having a running battle with a hacker who is able to crack a 10-character password used for Virgin or Virginmedia email in less than a day," Nick complained, saying the attacker was setting up auto-forward rules to divert his emails as well as being able to guess newly reset passwords within a day.

Chinese hackers attempted phishing on emails affiliated with US government
2022-03-09 20:48

According to Google's Threat Analysis Group, multiple Gmail users affiliated with the U.S. government were alerted to an attempted phishing attack by a Chinese-backed hacking group noted as APT31 in February.

9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software
2022-02-28 20:24

Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. "This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization," SonarSource vulnerability researcher, Simon Scannell, said in a report.

How prepared are organizations to face email-based ransomware attacks?
2022-02-28 05:00

The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organizations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks, reflecting cybercriminals' continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities. In line with this, 68% of organizations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit.

How to create an email alert for SSH logins
2022-02-23 18:59

Your first question might be "Why would you need to do this?" As I said, I do a lot of testing, so I have several Linux servers on a LAN that need to be able to send out emails.

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails
2022-02-18 22:09

Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance that could result in a denial-of-service condition on an affected device. The weakness, assigned the identifier CVE-2022-20653, stems from a case of insufficient error handling in DNS name resolution that could be abused by an unauthenticated, remote attacker to send a specially crafted email message and cause a DoS. "A successful exploit could allow the attacker to cause the device to become unreachable from management interfaces or to process additional email messages for a period of time until the device recovers, resulting in a DoS condition," the company said in an advisory.

Hackers can crash Cisco Secure Email gateways using malicious emails
2022-02-17 16:26

Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages. The security flaw was found in DNS-based Authentication of Named Entities, a Cisco AsyncOS Software component used by Cisco Secure Email to check emails for spam, phishing, malware, and other threats.

Cisco bug can let hackers crash Cisco Secure Email gateways
2022-02-17 16:26

Cisco has addressed a high severity vulnerability that could allow remote attackers to crash Cisco Secure Email appliances using maliciously crafted email messages. The security flaw was found in DNS-based Authentication of Named Entities, a Cisco AsyncOS Software component used by Cisco Secure Email to check emails for spam, phishing, malware, and other threats.

New MyloBot Malware Variant Sends Sextortion Emails Demanding $2,732 in Bitcoin
2022-02-15 01:12

A new version of the MyloBot malware has been observed to deploy malicious payloads that are being used to send sextortion emails demanding that victims pay $2,732 in digital currency. MyloBot, first detected in 2018, is known to feature an array of sophisticated anti-debugging capabilities and propagation techniques to rope infected machines into a botnet, not to mention remove traces of other competing malware from the systems.

Qbot needs only 30 minutes to steal your credentials, emails
2022-02-08 08:12

The widespread malware known as Qbot has recently returned to light-speed attacks, and according to analysts, it only takes around 30 minutes to steal sensitive data after the initial infection. As shown in the following diagram, Qbot moves quickly to perform privilege escalation immediately following an infection, while a full-fledged reconnaissance scan takes place within ten minutes.