Security News
Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads, researchers say. What's still under discussion: Whether the offensive is delivering SquirrelWaffle, the new email loader that showed up in September, or whether SquirrelWaffle is just one piece of malware among several that the campaigns are dropping.
Mozilla has announced the availability of a new free and paid Premium service, called Firefox Relay. You can pay for a Premium account where you get more aliases and can even create a new email domain for the aliases.
Our tale, from a reader Regomised as "Ali", takes place nearly 20 years ago, when he was in his first job in IT. His career, in a manner familiar to many, began on the helpdesk. Ali's helpdesk tickets up until this point had mainly consisted of users not knowing how to use the service: "Like how do I get my email, why can't I edit my site, what do you mean I need to own a computer to work on a website - I just bought a modem!".
Secure email gateway protections aren't necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages. Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MICROP ransomware offensive, which they observed making its way to a target's inbox despite its being secured by an SEG. Infection Routine.
The U.S. Department of State is offering a $10 million reward for information about the activities of two Iranian nationals charged for cyber activity intended to "Intimidate and influence" American voters during the 2020 U.S. presidential campaign. An indictment unsealed today by the Department of Justice alleges that between September and November 2020, 24-year old Seyyed Mohammad Hosein Musa Kazemi and 27-year old Sajjad Kashian obtained information of more than 100,000 U.S. voters and used it "Sow discord among Americans."
Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out of the FBI's email system, says it's just one of a string of jabs from a childish but cybercriminally talented tormentor. Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out to thousands of people from the FBI's own email system on Friday night, has fingered the guy who allegedly pulled off the exploit.
On Saturday, spam tracker Spamhaus tweeted that it had learned of "Scary" emails being sent purportedly from the FBI and Department of Homeland Security. Though the emails were sent from a portal owned by the FBI and DHS, Spamhaus said that the messages themselves were fake.
Extending encryption to your email system, and the precious documents and info it holds, should be a no-brainer. Any email security effort will come up against a range of blockers, from access concerns, compliance issues, and the challenges of maintaining a joyful user experience, across multiple devices.
The Spamhaus Project, a European nonprofit that monitors email spam, detected the exploit and tweeted about it early Saturday morning, saying that "We have been made aware of 'scary' emails sent in the last few hours that purport to come from the FBI/DHS. While the emails are indeed being sent from infrastructure that is owned by the FBI/DHS, our research shows that these emails *are* fake." "Hi its pompompurin. Check headers of this email it's actually coming from FBI server. I am contacting you today because we located a botnet being hosted on your forehead, please take immediate action thanks."
The data for approximately 7 million Robinhood customers stolen in a recent data breach are being sold on a popular hacking forum and marketplace. Last week, Robinhood disclosed a data breach after one of its employees was hacked, and the threat actor used their account to access the information for approximately 7 million users through customer support systems.