Security News

When you own a short email address at a popular email provider, you are bound to get gobs of spam, and more than a few alerts about random people trying to seize control over the account. If your account name is short and desirable enough, this kind of activity can make the account less reliable for day-to-day communications because it tends to bury emails you do want to receive.

Synacor unveiled its flagship Zimbra Cloud collaboration suite for small and medium businesses and prosumers, via Zimbra Gold Partner XMission. Zimbra Cloud is designed to improve productivity and effectiveness by supporting multiple collaboration modalities from a single, familiar, email-centric workspace.

The latest variant of this trojan extracts email threads from Outlook, which it uses for phishing attacks, says Check Point Research. A new phishing campaign analyzed by threat intelligence provider Check Point reveals how the old Qbot trojan has been repurposed to phish people by capturing their email threads.

One new Qbot feature hijacks a victim's Outlook-based email thread and uses it to infect other PCs. The 12-year-old malware resurface in January 2020, according to F5 researchers, who issued a report in June detailing new Qbot evasive features to avoid detection. Most of the victims of the new Qbot campaigns have been in the United States, where 29 percent of Qbot attacks have been detected, followed by India, Israel and Italy, according to Check Point.

Business Email Compromise, is a form of targeted phishing where attackers disguise themselves as senior executives to dupe employees into doing something they absolutely shouldn't, like wire money. BEC emails can be difficult to detect using security solutions because no malware is involved.

Google released a patch for an email spoofing vulnerability affecting Gmail and G Suite seven hours after it was publicly disclosed, but the tech giant knew about the flaw since April. "I chose to send to another G Suite account to demonstrate that Google's strong mail filtering and anti-spam techniques do not block or detect this attack," the researcher explained.

A group of academic researchers has devised practical attacks against major standards in email end-to-end encryption, which could lead to the exfiltration of sensitive information. The proposed attacks target the OpenPGP and S/MIME encryption schemes, and can be used to leak private keys and other data, researchers with the Ruhr University Bochum and Münster University of Applied Sciences explain in a newly published paper.

Chinese hackers infiltrated at least 10 Taiwan government agencies and gained access to around 6,000 email accounts in an attempt to steal data, officials said Wednesday. The damage done was "Not small", according to a top Taiwan cyber official, who said the full impact was still being assessed.

More than half of global airlines do not have DMARC policies in place, opening their customers up to email fraud attacks, a new report found. "Overall, major global carriers are failing to implement adequate email protection - leaving themselves open to phishing, impersonation attacks and other unauthorized use of corporate domains. This is despite email remaining the number one threat vector for cybercriminals," according to Adenike Cosgrove with Proofpoint in a Tuesday report.

Boffins testing the security of OpenPGP and S/MIME, two end-to-end encryption schemes for email, recently found multiple vulnerabilities in the way email client software deals with certificates and key exchange mechanisms. In a paper [PDF] titled "Mailto: Me Your Secrets. On Bugs and Features in Email End-to-End Encryption," presented earlier this summer at the virtual IEEE Conference on Communications and Network Security, Jens Müller, Marcus Brinkmann, and Joerg Schwenk and Damian Poddebniak and Sebastian Schinzel reveal how they were able to conduct key replacement, MITM decryption, and key exfiltration attacks on various email clients.