Security News

A hacker began selling access to hundreds of stolen executive email accounts last Friday, ZDNet reported. Javvad Malik, security awareness advocate at cybersecurity company KnowBe4, called email account access the "Crown jewels" for anyone looking to damage an organization, and the accounts of C-level executives were even more integral to an enterprise.

As companies face a rising tide of cyber attacks, a new approach to email defence developed by cybersecurity company Darktrace uses our own ability to fight off external threats and replicates this 'immune system' approach in the digital world. Traditional email security vendors try to adapt with newer technologies like sandboxes, which run suspicious attachments in a controlled environment to see what they do.

The FBI is warning US companies about scammers actively abusing auto-forwarding rules on web-based email clients to increase the likelihood of successful Business Email Compromise attacks. BEC scammers used email rules added to the target' web-based email clients to hide their activity while impersonating employees or business partners.

They really know how to mix a perfectly balanced cocktail of software engineering and human insight when it comes to crafting the perfect spear-phishing attack. If a CEO or other C-level exec is hooked, they have the power to deliver virtually whatever the attackers desire - whether it's authorizing payment transfers, or spilling company secrets, or any number of actions only a chief exec can take, unchecked.

Players' managers looking to lift salaries by a couple of million pounds or so better check their email read receipts: a full week after Manchester United was hit by hackers, many of its systems remain offline, with at least one report claiming the club is being shaken down for ransom. In a statement, the football club told The Register: "Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations. This attack was by nature disruptive, but we are not currently aware of any fan data being compromised."

Matthew Green, associate professor of computer science at Johns Hopkins University in the US, wants Google and other email providers to make it possible for people to deny they've written old email messages. He has asked the Gmail goliath, as the largest commercial email service, to rotate its Domain Keys Identified Mail encryption keys periodically and to publish old keys to reduce the incentive for hackers to steal and leak email messages.

Email security solutions provider Abnormal Security on Wednesday announced raising $50 million in a Series B funding round, which brings the total raised by the company to $75 million. Abnormal Security emerged from stealth mode exactly one year ago with $24 million in funding.

Coil has accidentally exposed some of its users' email addresses in a mass email announcement sent out today. At least 1,000 emails disclosed in mass announcement.

The Register has read it and can report that while it reveals that Coil seeks permission to share users' details with service providers, partners, and "Related entities". We cannot find a clause that resembles: "We reserve the right to expose your email address to countless other Coil users in the 'To:' field of an email."

LexisNexis Risk Solutions announced the availability of LexisNexis Emailage, a powerful fraud risk scoring solution fueled by email intelligence to help companies balance a seamless user experience with robust fraud detection and prevention capabilities. LexisNexis Emailage reimagines fraud detection by using email intelligence as a core risk identifier.