Security News

Business email compromise refers to all types of email attacks that do not have payloads. In a recent study, 71% of organizations acknowledged they had seen a business email compromise attack during the past year.

A combination of humans and technology is needed to truly move the needle on email security. Understanding the email threat landscape - what is emerging, who the threat actors are, what the latest tradecraft is, and the most commonly deployed attack techniques effectively circumventing legacy email security technologies - is critical for an organization to protect themselves.

Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email. Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of all the employees in all the enterprises that use the immensely popular collaboration tool, researchers say.

Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization's sent and received email messages, software security firm SonarSource reveals. In June, Zimbra released patches for multiple security issues in the webmail solution, including two bugs identified by Simon Scannell, a security researcher with SonarSource.

Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. "A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization," said SonarSource vulnerability researcher, Simon Scannell, who identified the security weaknesses.

Overall, BIMI acts as an additional layer of security to the existing email authentication process. You will need to convert your BIMI logo image to an SVG file that meets the BIMI standard specifications.

The Milanote app, billed as the "Evernote for creatives" by reviewers, has attracted the notice of cybercriminals who are abusing it to carry out credential-stealing campaigns that skate past secure email gateways, researchers said. According to analysis from Avanan released Thursday, attackers are looking to hook victims by starting off with a simple email.

DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can help profile you for better profiling and ad targeting. Currently in private beta, DuckDuckGo's Email Protection service aims at shielding you from hidden trackers that are often embedded in emails from various companies.

Paired with the required DMARC enforcement, VMCs are a critical step in a series of security measures that help strengthen email security, build trust in the inbox and help users associate the brand logo with the company they expect to communicate with. "With BIMI and VMC from DigiCert for DMARC-verified domains, organizations can now demonstrate to their customers a higher level of email security. DigiCert VMCs not only help reduce instances of spam and spoofing customers receive, because of the DMARC requirement, but they also enable organizations to go beyond displaying default email addresses to increase engagement rates and display their brands more prominently."

Entrust announced an expanded partnership with Red Sift to simplify and streamline the adoption of strong email sender authentication based on Brand Indicators for Message Identification standards. As email has become more critical than ever for organizations to connect and communicate with their customers, the ecosystem is looking to BIMI as an opportunity to increase the wide adoption of email authentication while simultaneously providing senders with a way to provide their customers a more immersive experience.