Security News
Russian internet and search company Yandex announced today that one of its system administrators had enabled unauthorized access to thousands of user mailboxes. The investigation revealed that the employee's actions led to the compromise of almost 5,000 Yandex email inboxes.
It's something where by playing on those fears, by playing on those emotions, that's how a lot of these actors were able to be more successful on BEC. The most interesting thing with Cosmic Lynx is that with them doing that, they're able to ask for even higher amounts of money than we've seen with previous BEC actors. At the end of the day, that's the biggest thing we have to understand is we have to understand that business email compromise is just a symptom of something that we've been trying to track for the last 30 years.
Australian users are, for example, at a higher risk of being targeted than U.S.-based users, and older people are more likely to be targeted than youngsters. The researchers have analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users and have singled out some interesting findings.
Kind old Google has published data on targeted email attacks and dispensed advice to help users separate friend from foe. The pandemic has presented malware-laden email flingers with a world of opportunity and a whole new set of attack vectors.
Because my email address is public, most of these messages are unsolicited; a few might even be dangerous. Scam emails often look real; they're personalized and can be quite convincing.
Cisco's anti-spam service SpamCop failed to renew spamcop.net over the weekend, causing it to lapse, which resulted in countless messages being falsely labeled and rejected as spam around the world. When the domain name expired, *.spamcop.net resolved to a domain parking service's IP address.
An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn. The compromised accounts can be used to send out even more convincing phishing emails, perpetrate BEC scams, or collect sensitive information.
Mail Transfer Agent-Strict Transport Security (MTA-STS) is a relatively new standard that lets mail service providers enforce Transport Layer Security to secure SMTP connections and specify whether sending SMTP servers should refuse to deliver emails to MX hosts that do not offer TLS with a reliable server certificate. SMTP TLS Reporting (TLS-RPT) is a standard for reporting TLS connectivity issues experienced by applications that send emails and for detecting misconfigurations.
The Secure Content Management market is expected to achieve an 11.4% compound annual growth rate to reach $2.2 billion in total web and email security revenues by 2024, according to Frost & Sullivan. Threats include more advanced and sophisticated targeted phishing emails, business email compromises, and malicious content.
Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root - paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices via the "Send to Kindle" feature to start a chain of attack - a discovery that earned him $18,000 from the Amazon bug-bounty program.