Security News
DMARC enforces the use of a combination of SPF and DKIM email authentication technologies to ensure only real emails are delivered to the end receivers. Without DMARC, all emails sent from the email domain of your business reach the receiver's inbox without any security check or validation.
The Federal Bureau of Investigation has issued a notification to warn organizations of scammers setting up auto-forwarding email rules to facilitate business email compromise schemes. Cybercriminals are exploiting the mass shift to telework during the COVID-19 pandemic to conduct malicious operations, including BEC scams that are more likely to succeed due to the targeting of an email rule forwarding vulnerability.
A hacker began selling access to hundreds of stolen executive email accounts last Friday, ZDNet reported. Javvad Malik, security awareness advocate at cybersecurity company KnowBe4, called email account access the "Crown jewels" for anyone looking to damage an organization, and the accounts of C-level executives were even more integral to an enterprise.
As companies face a rising tide of cyber attacks, a new approach to email defence developed by cybersecurity company Darktrace uses our own ability to fight off external threats and replicates this 'immune system' approach in the digital world. Traditional email security vendors try to adapt with newer technologies like sandboxes, which run suspicious attachments in a controlled environment to see what they do.
The FBI is warning US companies about scammers actively abusing auto-forwarding rules on web-based email clients to increase the likelihood of successful Business Email Compromise attacks. BEC scammers used email rules added to the targets' web-based email clients to hide their activity while impersonating employees or business partners.
They really know how to mix a perfectly balanced cocktail of software engineering and human insight when it comes to crafting the perfect spear-phishing attack. If a CEO or other C-level exec is hooked, they have the power to deliver virtually whatever the attackers desire - whether it's authorizing payment transfers, or spilling company secrets, or any number of actions only a chief exec can take, unchecked.
Players' managers looking to lift salaries by a couple of million pounds or so better check their email read receipts: a full week after Manchester United was hit by hackers, many of its systems remain offline, with at least one report claiming the club is being shaken down for ransom. In a statement, the football club told The Register: "Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations. This attack was by nature disruptive, but we are not currently aware of any fan data being compromised."
Matthew Green, associate professor of computer science at Johns Hopkins University in the US, wants Google and other email providers to make it possible for people to deny they've written old email messages. He has asked the Gmail goliath, as the largest commercial email service, to rotate its DomainKeys Identified Mail encryption keys periodically and to publish old keys to reduce the incentive for hackers to steal and leak email messages.
Email security solutions provider Abnormal Security on Wednesday announced raising $50 million in a Series B funding round, which brings the total raised by the company to $75 million. Abnormal Security emerged from stealth mode exactly one year ago with $24 million in funding.