Security News
More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. "Overall, major global carriers are failing to implement adequate email protection - leaving themselves open to phishing, impersonation attacks and other unauthorized use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals," according to Adenike Cosgrove with Proofpoint in a Tuesday report.
Boffins testing the security of OpenPGP and S/MIME, two end-to-end encryption schemes for email, recently found multiple vulnerabilities in the way email client software deals with certificates and key exchange mechanisms. In a paper [PDF] titled "Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption," presented earlier this summer at the virtual IEEE Conference on Communications and Network Security, Jens Müller, Marcus Brinkmann, and Joerg Schwenk and Damian Poddebniak and Sebastian Schinzel reveal how they were able to conduct key replacement, MITM decryption, and key exfiltration attacks on various email clients.
Boffins testing the security of OpenPGP and S/MIME, two end-to-end encryption schemes for email, recently found multiple vulnerabilities in the way email client software deals with certificates and key exchange mechanisms. In a paper [PDF] titled "Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption," presented earlier this summer at the virtual IEEE Conference on Communications and Network Security, Jens Müller, Marcus Brinkmann, and Joerg Schwenk and Damian Poddebniak and Sebastian Schinzel reveal how they were able to conduct key replacement, MITM decryption, and key exfiltration attacks on various email clients.
A just-released volume [PDF] from the panel's dossier on Russia's efforts to meddle in that year's White House race pretty much accuses the Assange-run WikiLeaks of actively helping Moscow in its dirty work - by obtaining the internal memos from Russian hackers and spreading them online to derail Hillary Clinton's campaign and help nudge Donald Trump to victory. 'A key role in the Russian influence campaign'.
The Cybersecurity and Infrastructure Security Agency has published an alert to provide information on attacks delivering the KONNI remote access Trojan. Active since at least 2014 but remaining unnoticed for over three years, KONNI has been used in highly targeted attacks only, including ones aimed at the United Nations, UNICEF, and entities linked to North Korea.
Cybersecurity training organisation the SANS Institute suffered the loss of 28,000 items of personally identifiable information after a staffer's email account was accessed by malicious people. In a statement on its website, SANS said: "Aside from the affected user, we currently believe that no other accounts or systems at SANS were compromised."
The SANS Institute has disclosed a security incident which resulted in 28,000 records of personally identifiable information being forwarded to an unknown email address. During the audit, the company identified a forwarding rule on one email account, meant to forward emails to an unknown external address.
We've seen phishing emails and malicious content centered around the initial spread of the virus, the resulting lockdown, the transition to remote working, the stimulus payments, and the return-to-work effort. One especially sensitive area found in many phishing emails has been the promise of a coronavirus vaccine.
IRONSCALES plans to use the funding to further accelerate its aggressive growth strategy through market expansion and ongoing research and development of its email security platform. "While we weren't actively seeking capital, partnering with Jump was too good of an opportunity for us to pass up," said Eyal Benishti, IRONSCALES founder and CEO. "With this Series B extension, and with Jump and McNulty on our team, we will be able to accelerate our marketplace momentum through investments in both people and technology, helping reduce the risk from what has become a global email phishing epidemic."
DEF CON is perhaps the ultimate "Come one/come all" hackers' convention, now in its 28th year, and it famously takes place in Las Vegas each year in a fascinating juxtaposition with Black Hat USA, a corporate cybersecurity event. The DEF CON Villages are breakout zones at the event where where likeminded researchers gather to attend talks and discussions in research fields all the way from Aerospace, Application Security and AI to Social Engineering, Voting Machines and Wireless.