Security News

Using indicators of compromise made available by FireEye, threat intelligence and incident response firm Volexity determined that the threat group behind the SolarWinds hack targeted a U.S. think tank earlier this year, and it used a clever method to bypass multi-factor authentication and access emails. "At the time of the investigation, Volexity deduced that the likely infection was the result of the SolarWinds box on the target network; however, it was not fully understood exactly how the breach occurred, therefore Volexity was not in a position to report the circumstances surrounding the breach to SolarWinds," Volexity said.

Here's our latest Naked Security Live talk, about how to avoid email scams that arrive under the guise of a well-known brand - in this case, global sandwich seller Subway. Watch directly on YouTube if the video won't play here.

The attackers behind the attack leveraged hundreds of compromised, legitimate email accounts in order to target organizations with emails, which pretended to be document delivery notifications. In reality, the phishing attack stole victims' Office 365 credentials.

Subway UK has disclosed that a hacked system used for marketing campaigns is responsible for the malware-laden phishing emails sent to customers yesterday. Starting yesterday, Subway UK customers received strange emails from 'Subcard' about a Subway order that was placed.

Subway patrons in the UK received suspicious emails this morning and infosec researchers fear this is linked to the theft of customer details - and a Trickbot malware campaign. "I've just had an email purporting to be from Subway and sent to an address used only for Subway," Reg reader Alan told us.

A new global report on phishing attempts shows how the workforce has responded to security threats since COVID-19, and the new vulnerabilities that have resulted from the remote work landscape. Terranova Security's new "2020 Gone Phishing Tournament," part of its Phishing Benchmark Global Report, looks at the impact of phishing attacks on the remote workforce, citing an increase in phishing simulation clicks, as well as compromised data.

Tutanota has been served with a court order to backdoor its encrypted email service - a situation founder Matthias Pfau described to The Register as "Absurd." Our friends at Heise reported auf Deutsch that a court in Germany last month ordered Tutanota to help investigators monitor the contents of a user's encrypted mailbox.

Many companies have no mechanism to deal with a common problem: when users open accounts using someone else's email address, either by accident or design. The problem is not only that email addresses are easily spoofed - mitigated by mechanisms like SPF and DKIM - but that they also lack any robust process by which organisations collect email details.

DMARC enforces the use of a combination ofSPF andDKIM email authentication technologies to ensure only real emails are delivered to the end receivers. Without DMARC, all emails sent from the email domain of your business reaches the receiver's inbox without any security check or validation.

The Federal Bureau of Investigation has issued a notification to warn organizations of scammers setting up auto-forwarding email rules to facilitate business email compromise schemes. Cybercriminals are exploiting the mass shift to telework during the COVID-19 pandemic to conduct malicious operations, including BEC scams that are more likely to succeed due to the targeting of an email rule forwarding vulnerability.