Security News
SonicWall has addressed three critical security vulnerabilities in its hosted and on-premises email security product that are being actively exploited in the wild. "The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization's network."
SonicWall's Email Security product is affected by three vulnerabilities that have been exploited in attacks. FireEye, whose incident response unit Mandiant spotted the vulnerabilities and their active exploitation in March, warned on Tuesday that a threat actor had been observed exploiting the SonicWall Email Security flaws to install backdoors, access emails and files, and move laterally in the victim's network.
Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack. Today, Celsius CEO Alex Mashinsky stated that Celsius' third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list.
A Nigerian email scammer based in New York was on Tuesday sentenced to 40 months in prison, and ordered to pay back $2.7m in stolen money. As opposed to the infamous Nigerian email scams where people pretended to be heirs to fortunes and devised various ways to get victims to send them money to access their funds, the scam run by Eke and three other Nigerian conspirators was significantly more sophisticated, the indictment states.
A W2 tax email scam is circulating in the U.S. using Typeform, a popular tool that specializes in online surveys and form building. According to Armorblox, the campaign also bypasses native Google Workspace email security filters for the victims it examined.
Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign. While browsing the web, most people at one time or another have been redirected to a tech support scam web site that pretends your computer is infected and then prompts you to dial a displayed phone number.
By integrating innovative machine learning capabilities from Cyberfish with Cofense's detection and response technology, Cofense will bring to market a holistic, advanced automation solution for email protection, detection, and response. With the acceleration of digital transformation and migration to cloud email services from Microsoft 365 and Google Workspace, organizations are rethinking their email security architecture and technology stack.
A report released Wednesday by security firm GreatHorn looks at the risks of email attachments and suggests ways to defend your organization against such malicious payloads. Based on a survey of 256 cybersecurity professionals conducted in the U.S. in late March, the report found that 52% of them are most concerned with malicious payloads being delivered via email, while 47% are most worried about such payloads being delivered by a hyperlink within an email.
A zero-click security vulnerability in Apple's macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail's sandbox environment, leading to a range of attack types. According to Mikko Kenttälä, founder and CEO of SensorFu, exploitation of the bug could lead to unauthorized disclosure of sensitive information to a third party; the ability to modify a victim's Mail configuration, including mail redirects, which enables takeover of the victim's other accounts via password resets; and the ability to change the victim's configuration so that the attack can propagate to correspondents in a worm-like fashion.
Microsoft has fixed an Outlook bug that blocked users from forwarding or replying to emails containing embedded hyperlinks pointing to long URLs. Outlook for PC users experiencing this issue are seeing "Cannot send this item" errors, according to customers' reports on Microsoft's community website.