Security News

Cryptocurrency rewards platform Celsius Network has disclosed a security breach exposing customer information that led to a phishing attack. Today, Celsius CEO Alex Mashinsky stated that Celsius' third-party marketing server was compromised, and threat actors gained access to a partial Celsius customer list.

A Nigerian email scammer based in New York was on Tuesday sentenced to 40 months in prison, and ordered to pay back $2.7m in stolen money. As opposed to the infamous Nigerian email scams where people pretended to be heirs to fortunes and devised various ways to get victims to send them money to access their funds, the scam run by Eke and three other Nigerian conspirators was significantly more sophisticated, the indictment states [PDF].

A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building. According to Armorblox, the campaign also bypasses native Google Workspace email security filters in the victims it examined.

Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign. While browsing the web, most people at one time or another have been redirected to a tech support scam web site that pretends your computer is infected and then prompts you to dial a displayed phone number.

By integrating innovative machine learning capabilities from Cyberfish with Cofense's detection and response technology, Cofense will bring to market a holistic, advanced automation solution for email protection, detection, and response. With the acceleration of digital transformation and migration to cloud email services from Microsoft 365 and Google Workspace, organizations are rethinking their email security architecture and technology stack.

A report released Wednesday by security firm GreatHorn looks at the risks of email attachments and suggests ways to defend your organization against such malicious payloads. Based on a survey of 256 cybersecurity professionals conducted in the U.S. in late March, the report found that 52% of them are most concerned with malicious payloads being delivered via email, while 47% are most worried about such payloads being delivered by a hyperlink within an email.

A zero-click security vulnerability in Apple's macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail's sandbox environment, leading to a range of attack types. According to Mikko Kenttälä, founder and CEO of SensorFu, exploitation of the bug could lead to unauthorized disclosure of sensitive information to a third party; the ability to modify a victim's Mail configuration, including mail redirects which enables takeover of victim's other accounts via password resets; and the ability to change the victim's configuration so that the attack can propagate to correspondents in a worm-like fashion.

Microsoft has fixed an Outlook bug that blocked users from forwarding or replying to emails containing embedded hyperlinks pointing to long URLs. Outlook for PC users experiencing this issue are seeing "Cannot send this item" errors according to customers' reports on Microsoft's community website.

Enterprise software developer Proxmox Server Solutions GmbH has released Proxmox Mail Gateway 6.4, the latest version of its open-source email security solution. Proxmox Mail Gateway is a complete operating system based on Debian Buster 10.9, but using Linux kernel 5.4.106, which is under long term support status.

The SolarWinds cyberattackers compromised the head of the Department of Homeland Security under former president Trump and other top-ranking members of the department's cybersecurity staff, according to a report. With Sunburst embedded, the attackers were then able to pick and choose which organizations to further penetrate, in a massive cyberespionage campaign that has hit nine U.S. government agencies, tech companies like Microsoft and 100 others hard.