Security News

Firefox Relay gets added to disposable email blocklist, angers users
2022-01-17 19:33

The maintainers of a "Disposable email service" blocklist have decided to add Firefox Relay to the list, leaving many users of the service upset. Firefox Relay is a privacy-centric email service that enables users to protect their real email addresses and hence limit spam.

Hackers take over diplomat's email, target Russian deputy minister
2022-01-12 08:35

One of the targets was Sergey Alexeyevich Ryabko, the deputy foreign minister for the Russian Federation, who is, among other things, responsible for bilateral relations with North and South America. The phishing campaign has been active since at least October 19, 2021, deploying Konni malware, a remote administration tool associated with the cyber activity of North Korean hackers known as APT37.

SonicWall: Y2K22 bug hits Email Security, firewall products
2022-01-07 21:56

SonicWall has confirmed today that some of its Email Security and firewall products have been hit by the Y2K22 bug, causing message log updates and junk box failures starting on January 1st, 2022. The company says that email users and administrators will no longer be able to access the junk box or un-junk newly received emails on affected systems.

Uber Bug, Ignored for Years, Casts Doubt on Official Uber Emails
2022-01-05 20:49

The easy-to-find bug has been hanging around for years, ready to take Uber's customers for a ride of a very different sort. According to Seekurity security researcher and bug-hunter Seif Elsallamy, the HTML-injection issue made it possible to tap into an internet-facing internal Uber API endpoint in order to send out email directly from Uber's email system; since the emails would be coming from an authentic sender, they wouldn't trigger normal email security filters like DMARC or DKIM. Obviously, the bug opened a gaping opportunity for cyberattackers to send out social-engineering emails to the ride-sharing giant's nearly 100 million users - perhaps a message asking them to "Verify" their account info or "Update" their credit-card information.

Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service
2022-01-02 20:02

Microsoft, over the weekend, rolled out a fix to address an issue that caused email messages to get stuck on its Exchange Server platforms, which it blamed on a date validation error at around the turn of the year. The Windows maker said the issue impacted on-premises versions of Exchange Server 2016 and Exchange Server 2019 but didn't specify how widespread the impact was.

Uber ignores vulnerability that lets you send any email from Uber.com
2022-01-02 14:48

A vulnerability in Uber's email system allows just about anyone to send emails on behalf of Uber. The researcher who discovered this flaw warns this vulnerability can be abused by threat actors to email 57 million Uber users and drivers whose information was leaked in the 2016 data breach.

Microsoft Exchange year 2022 bug in FIP-FS breaks email delivery
2022-01-01 17:29

Microsoft Exchange on-premises servers cannot deliver email as of January 1st, 2022, due to a "Year 2022" bug in the FIP-FS anti-malware scanning engine. Starting with Exchange Server 2013, Microsoft enabled the FIP-FS anti-spam and anti-malware scanning engine by default to protect users from malicious email.

Dridex malware trolls employees with fake job termination emails
2021-12-22 17:15

A new Dridex malware phishing campaign is using fake employee termination emails as a lure to open a malicious Excel document, which then trolls the victim with a season's greeting message. Dridex is a banking malware spread through malicious emails that was initially developed to steal online banking credentials.