Security News
Emails referencing the Colonial Pipeline ransomware attack and looking like they've been sent from the corporate IT help desk have been hitting employees' inboxes and asking them to download and run a "Ransomware system update." The emails look rather convincing: they look like they are coming from the company help desk staff, they contain no egregious grammar or spelling errors, and are quick to come to the point.
Spammers are abusing affiliate programs to promote online casinos, such as Raging Bull Casino, Sports and Casino, Ducky Luck, and Royal Ace Casino, with misleading emails. To refer users, the affiliates will create specially crafted URLs that contain an affiliate's ID or drop a cookie that allows the casino to give them credit when a referral registers a new account.
On average, it takes three and a half days from the moment a malicious email attack lands in an employee's inbox to when it is discovered by a security team or reported by end users and remediated, says new insight from Barracuda Networks. Researchers analyzed threat patterns and response practices across 3500 organizations, analyzing what happens after a malicious email bypasses an organization's security measures and lands in a user's inbox.
Even with the best defenses, some malicious emails are invariably going to bypass your security and reach the inboxes of your users. In a report published Tuesday, security firm Barracuda Networks looks at how malicious messages evade security detection and what you can do to stop them.
An alert released on Friday by the FBI and the DHS's Cybersecurity and Infrastructure Security Agency revealed that the number of organizations targeted in a recent attack abusing a legitimate email marketing service was higher than initially reported. Microsoft reported last week that the Russia-linked threat actor it tracks as Nobelium, which is believed to be responsible for the SolarWinds supply chain attack, had been abusing a legitimate mass email service named Constant Contact to target government and other types of organizations in the United States and a dozen other countries.
With so many companies being targeted by domain impersonators, email domain spoofing shouldn't be taken lightly. In forging the email domain or address, attackers exploit loopholes in existing email security protocols to send emails on behalf of a legitimate domain.
Scammers use fake 'unsubscribe' spam emails to confirm valid email accounts to be used in future phishing and spam campaigns. For some time, spammers have been sending emails that simply ask if you wish to unsubscribe or subscribe.
Email protection company Material Security this week announced that it raised $40 million in Series B funding, which brings the capital raised by the firm to date to $62 million. Founded in 2017, the Redwood City, California-based company is focused on protecting email accounts both before and after compromise.
Microsoft is investigating an Office 365 issue causing Outlook and Exchange Online emails to skip recipients' inboxes and be sent to their junk folders instead. "We're investigating an issue in which email is being sent to the junk folder," Microsoft shared on the company's Microsoft 365 Status Twitter account. The Microsoft 365 Service health status page is currently directing customers to the Microsoft 365 Status Twitter account for more details regarding this ongoing incident.