Security News

Brit railway company Merseyrail is understood to have suffered a ransomware attack - and the crooks responsible reportedly pwned a director's Office 365 account to email employees and journalists about it. Merseyrail's network covers 68 stations around Liverpool, Birkenhead and Southport, stretching as far south as Chester.

Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims - by spoofing real-life customer scenarios. "These email attacks employed a gamut of techniques to get past traditional email security filters and pass the eye tests of unsuspecting end users," Kumar wrote.

Millions of email addresses collected by Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation as part of the agency's effort to clean infected computers. Individuals and domain owners can now learn if Emotet impacted their accounts by searching the database with email addresses stolen by the malware.

Apple's iCloud Mail service is suffering an outage since this morning, preventing some people from sending and receiving emails. Starting this morning at 7:13 AM EST, iCloud Mail users began reporting that they were having difficulty sending or receiving an email to their accounts.

A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what's one of the largest data dumps of breached usernames and passwords. The leak includes 1,502,909 passwords associated with email addresses from government domains across the world, with the U.S. government alone taking up 625,505 of the exposed passwords, followed by the U.K, Australia, Brazil, and Canada.

Check Your Domain Today! Use our free tool to examine your domain's DMARC, SPF, DKIM, BIMI, and MTA-STS records instantly to ensure your domain is protected from impersonation and email fraud! The first step towards improving the email security of your domain is to assess how properly it is secured against security breaches, email fraud, BEC, and spoofing.

Twitter caused quite the panic Thursday night when they accidentally sent emails asking users to confirm their accounts, which looked suspiciously like a phishing attack. These emails began around 10 PM EST, with numerous Twitter accounts operated by BleepingComputer and its writers receiving the emails.

A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. "We're investigating a potential issue with Exchange Online mailflow in North America," Microsoft shared on the company's Microsoft 365 Status Twitter account.

Turns out, all it takes for attackers to alter the "External sender" warning, or remove it altogether from emails is just a few lines of HTML and CSS code. Email security products such as enterprise email gateways are often configured to display the "External sender" warning to a recipient when an email arrives from outside of the organization.

A new email-based campaign by an emerging threat actor aims to spread various remote access trojans to a very specific group of targets who use Bloomberg's industry-based services. Researchers have been tracking the email based campaign since Fajan first commenced activity in March, recovering a "Relatively low volume" of samples that make it tricky to determine "Whether the campaigns are carefully targeted or mass-spammed," according to a report posted online Wednesday.