Security News

Australian users are, for example, at a higher risk of being targeted that U.S.-based users, and older people are more likely to be targeted than youngsters. The researchers have analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users and have singled out some interesting findings.

Kind old Google has published data on targeted email attacks and dispensed advice to help users separate friend from foe. The pandemic has presented malware-laden email flingers with a world of opportunity and a whole new set of attack vectors.

Because my email address is public, most of these messages are unsolicited; a few might even be dangerous. Scam emails often look real; they're personalized and can be quite convincing.

Cisco's anti-spam service SpamCop failed to renew spamcop.net over weekend, causing it to lapse, which resulted in countless messages being falsely labeled and rejected as spam around the world. When the domain name expired, *.spamcop.net resolved to a domain parking service's IP address.

An ongoing campaign powered by a phishing kit sold on underground forums is explicitly targeting high-ranking executives in a variety of sectors and countries with fake Office 365 password expiration notifications, Trend Micro researchers warn. The compromised accounts can be used to send out even more convincing phishing emails, perpetrate BEC scams, or collect sensitive information.

Mail Transfer Agent-Strict Transport Security is a relatively new standard that enables mail service providers the ability to enforce Transport Layer Security to secure SMTP connections and to specify whether the sending SMTP servers should refuse to deliver emails to MX hosts that that does not offer TLS with a reliable server certificate. SMTP TLS Reporting is a standard that enables reporting issues in TLS connectivity experienced by applications that send emails and detect misconfigurations.

The Secure Content Management market is expected to achieve an 11.4% compound annual growth rate to reach $2.2 billion in total web and email security revenues by 2024, according to Frost & Sullivan. Threats include more advanced and sophisticated targeted phishing emails, business email compromises, and malicious content.

Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root - paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices via the "Send to Kindle" feature to start a chain of attack - a discovery that earned him $18,000 from the Amazon bug-bounty program.

Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. "While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor," Malwarebytes CEO and co-founder Marcin Kleczynski said.

Anyvan, the European online marketplace that lets users buy delivery, transport or removal services from a network of providers, has confirmed it was the victim of a digital burglary that involved the theft of customers' personal data. The company wrote to customers mid-last week to inform them of a "Breach of security resulting in the unauthorised access to data from our user database," according to the email seen by The Register.