Security News

Enterprise software developer Proxmox Server Solutions GmbH has released Proxmox Mail Gateway 6.4, the latest version of its open-source email security solution. Proxmox Mail Gateway is a complete operating system based on Debian Buster 10.9, but using Linux kernel 5.4.106, which is under long term support status.

The SolarWinds cyberattackers compromised the head of the Department of Homeland Security under former president Trump and other top-ranking members of the department's cybersecurity staff, according to a report. With Sunburst embedded, the attackers were then able to pick and choose which organizations to further penetrate, in a massive cyberespionage campaign that has hit nine U.S. government agencies, tech companies like Microsoft and 100 others hard.

The Harris Federation, a not-for-profit charity responsible for running 50 primary and secondary academies in London and Essex, has become the latest UK education body to fall victim to ransomware. In a message to pupils and parents, the group, which is led and run by teachers, admitted that criminals had meddled with its servers.

"The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS," said Sen. Rob Portman of Ohio, top Republican on the Senate's Homeland Security and Governmental Affairs Committee. An inquiry by the AP found new details about the breach at DHS and other agencies, including the Energy Department, where hackers accessed top officials' private schedules.

Email spoofing is used in phishing attacks to trick users into believing the message is from a person or entity they either know or can trust. Email spoofing is possible because the email system used to represent email addresses provides no way for outbound servers to verify the legitimacy of the sender's address.

British clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a ransomware attack earlier this year. This week, customers began receiving data breach notifications revealing that the popular lifestyle clothing brand, FatFace, had suffered a data breach after a cyberattack on January 17th, 2021.

An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways. The attacks are part of multiple phishing campaigns collectively dubbed the "Compact" Campaign, active since early 2020 first detected by the WMC Global Threat Intelligence Team.

Egress has announced enhancements to its reporting functionality, equipping customers with full visibility of their email security risk. Egress Analytics is available as part of Egress Prevent, Egress' flagship solution which utilizes contextual machine learning to mitigate the risk of human-activated email data breaches.

The FBI received more than 19,000 complaints of business email compromises last year, costing victims around $1.8 billion. Among the many types of cyber crimes affecting organizations and individuals last year, business email compromises and email account compromises proved especially costly.

That's according to researchers at Trustwave, who found that the campaign is effectively hiding a malicious executable by giving it a.ZIPX file extension, which is used to denote that a.ZIP archive format is compressed using the WinZip archiver. In reality, the appended file is an Icon image file wrapped inside a.RAR package.