Security News

Documents and emails tagged as sensitive through Microsoft's sensitivity labels are automatically protected with persistent, granular usage policies based on the sensitivity level selected. "Classified data is a target as sensitive labels alert nefarious insiders and outsiders to confidential and regulated information such as PII," stated Vishal Gupta, CEO of Seclore.

These types of email attacks rely on simple language and exploit human nature to scam their victims, making detection difficult, says Cisco Talos. The Business Email Compromise attack is a popular tactic among cybercriminals.

Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email server software Dovecot, used by over three-quarters of IMAP servers, according to Open Email Survey. "The vulnerability allows a MITM attacker between a mail client and Dovecot to inject unencrypted commands into the encrypted TLS context, redirecting user credentials and mails to the attacker," according to research linked to from a bug bounty page and dated August 2020.

Email is one of the most popular tools exploited by cybercriminals to launch attacks against organizations. One particular tactic favored by criminals is the Business Email Compromise in which the scammer spoofs a trusted contact to defraud a company out of money.

Poland's deputy prime minister Jaros?aw Kaczy?ski says last week's breach of multiple Polish officials' private email accounts was carried out from servers within the Russian Federation. "After reading the information provided to me by the Internal Security Agency and the Military Counterintelligence Service, I inform you that the most important Polish officials, ministers, and deputies of various political options were subject to a cyber attack," Kaczy?ski said in a statement published today.

Threat actors impersonate the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors. In a new report, Trend Micro researchers reveal that a new extortion campaign started in June where threat actors are impersonating the DarkSide ransomware gang.

Social media was abuzz tonight after thousands of HBO Max subscribers received strange emails titled "Integration Test Email #1," which was ultimately blamed on a HBO Max intern. As a test email going out to all HBO Max subscribers wasn't bad enough, HBO Max's Twitter account blamed an intern for the mistakenly sent email blast.

According to researchers at Armorblox, the emails bypassed native Microsoft email security controls along with email security engines like Exchange Online Protection and Proofpoint, landing in tens of thousands of corporate inboxes. The attackers used the same look and feel from a branding perspective as the real Geek Squad, Iyer said, and the email body language "Carefully [tread] the line between vagueness and urgency-inducing specificity."

As these aforementioned incidents all use email as the primary method of reaching out to potential victims, email security is an incredibly important aspect in the banks' efforts of protecting their customers. When email security is properly enabled, only a bank's approved mail servers can send email messages from their official domains.

The native integration of Acronis Cyber Protect Cloud with Advanced Email Security means MSPs can use one solution to extend their cyber protection services to protect their clients' Microsoft 365, Google Workspace, Open-Xchange mailboxes, or on-premises mail server. "We are thrilled to partner with Acronis to power the leading Acronis Cyber Protect Cloud solution, with Perception Point, integrated as the Advanced Email Security pack," said Yoram Salinger, CEO of Perception Point.