Security News

Zipx extension to obfuscate EXE payloads, crooks might be hoping to sneak the elderly NanoCore remote-access trojan through users' email and endpoint-scanning software. Instead, said the email security firm, these malicious attachments "Are actually image binary files, with attached extra data, which happens to be RAR".

The TA800 threat group is distributing a malware loader, which researchers call NimzaLoader, via ongoing, highly-targeted spear-phishing emails. The malware loader is unique in that it is written in the Nim programming language.

The European Banking Authority has confirmed it is another victim on the list of organisations affected by vulnerabilities in Microsoft Exchange. The EBA hurriedly pulled its email servers offline over the weekend as it realised that it was among the ranks of those hit by flaws in Microsoft Exchange being targeted by miscreants.

Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service. "This will be achieved by presenting a new tag on emails called 'External' in the message list," Microsoft explains in the Microsoft 365 roadmap.

The European Banking Authority, a key EU financial regulator, says it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group. Microsoft said last week that a state-sponsored group operating out of China was exploiting previously unknown security flaws in its Exchange email services to steal data from business and government users, believed to number in the tens of thousands so far.

At least 30,000 organizations across the United States - including a significant number of small businesses, towns, cities and local governments - have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that's focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

Germany security officials are proposing that Internet companies should link a user's real-world identity to all of their instant messages, emails and other online communication, prompting criticism from digital rights activists. Like in many other countries, mobile phone firms in Germany are required to verify a customer's identity before selling them a SIM card.

Microsoft Corp. today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The patches released today fix security problems in Microsoft Exchange Server 2013, 2016 and 2019.

Key insights 95% of IT leaders believe that client and company data is at risk on email. Data is most at risk on email, with 83% of organizations experiencing email data breaches.

An AOL mail phishing campaign is underway to steal users' login name and password by warning recipients that their account is about to be closed. While most people are using Gmail, Outlook, or other modern free mail services, many older people continue to use AOL simply because they are used to the service and find it too complicated to switch to a new email service.