Security News

The Federal Bureau of Investigation email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen. The emails pretended to warn about a "sophisticated chain attack" from an advanced threat actor, whom they identify as Vinny Troia.

Email is fundamental to the operation of most businesses. 90 per cent of IT execs are prioritizing the protection of docs and info in emails according to research from Echoworx.

A new business email compromise campaign targeting Microsoft 365 users is using a range of sophisticated obfuscation tactics within phishing emails that can fool natural language processing filters and are undetectable to end users. Researchers at Avanan, a Check Point company, first discovered the campaign - dubbed One Font because of the way it hides text in a one-point font size within messages - in September.

Bait attacks are on the rise, and it appears that actors who distribute this special kind of phishing email prefer to use Gmail accounts to conduct their attacks. According to a report by Barracuda, which surveyed 10,500 organizations, 35% of them received at least one bait attack email in September 2021 alone.

Well, over the past 24 hours, we, and many of our colleagues, have been on the receiving end of an email scam that preys on exactly these fears. In other words, receiving an email from a "colleague" whom you don't know, and who doesn't know you, but who seems to have been dragged into a customer "dispute" that you weren't even aware of yet.

A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes. The email body contains a hyperlink to a Google Drive URL, which, if clicked, downloads an MHT file onto the victim's machine.

Phishers readily deploy attacks, with the average phishing campaign lasting only 12 minutes, according to Google, which reports blocking 100 million phishing emails per day. Implementing DMARC eliminates the most common attack vector - phishing emails - and adds another layer of protection.

Musical instruments, motorcycle parts and now malware - Craigslist really does have it all. The Craigslist internal email system was hijacked by attackers this month to deliver convincing messages, ultimately aimed at avoiding Microsoft Office security controls to deliver malware.

The United Kingdom's data watchdog is calling on organisations to review their "bulk email practices" after a BCC blunder by HIV Scotland incurred a £10,000 fine for breaking data protection regulations. The case pertains to an email that was sent to 105 individuals on the Community Advisory Network list, which is made up of patient-advocates "from across Scotland to represent the full diversity of people living with HIV".

Digitally signing an email might not be a singular means to a secure end, but it can at least help recipients of your email better trust the missives you send them. Some email clients make digitally signing easier than others.