Security News

Many people using email to share files despite lack of security
2020-06-19 16:35

Despite email's lack of security, a survey conducted by encryption security provider NordLocker found email the most popular way to share files. In a survey about file sharing and security directed toward 1,400 adults, NordLocker discovered that 58% of those in the US and 56% of those in the UK use email as the most common method of sharing files.

BofA Phish Gets Around DMARC, Other Email Protections
2020-06-18 13:00

A credential-phishing attempt that relies on impersonating Bank of America has emerged in the U.S. this month, with emails that get around secure gateway protections and heavy-hitting protections like DMARC. The campaign involves emails that ask recipients to update their email addresses, warning users that their accounts could be recycled if this isn't done. "This ensured that the email wasn't caught in the bulk email filters provided by native Microsoft email security or the Secure Email Gateway."

Email security challenges and BEC trends during the pandemic
2020-06-18 04:00

COVID-related attacks increased 436% between the second and third weeks of March 2020, with an average 173% week-over-week increase during the quarter, according to Abnormal Security. Attackers also adjusted their targets, with attacks on finance employees increasing more than 75% as attacks on C-Suite executives decreased by 37%. This illustrates a trend away from paycheck and engagement fraud and toward payment fraud, specifically invoice fraud attacks, which increased more than 75%. "The email security trends we witnessed during Q1 are most certainly related to the COVID-19 pandemic and the shift to work from home, but they also reflect greater sophistication and attack strategy by threat actors," said Evan Reiser, CEO, Abnormal Security.

BitDam provides SMEs with an additional layer of defense against email-based cyber-attacks
2020-06-18 01:45

BitDam announced that it is available to small to medium-sized enterprises to provide an additional layer of defense against email-based cyber-attacks. BitDam stops unknown threats, even detecting the 25% of unknown threats that other solutions miss, and patches important security holes in SME email and other collaboration platforms.

How Business Email Compromise attacks pose a threat to organizations
2020-06-17 13:57

BEC campaigns represent a relatively small percentage of all email attacks yet pose the greatest financial risk, says Abnormal Security. One less common but potentially more dangerous attack type is the Business Email Compromise.

Business email compromise: What can be learned from the Norfund attack
2020-06-17 06:00

The recent attack which saw Norway's state-owned investment fund, Norfund, lose an eye-watering USD 10 million was down to a simple but devastatingly effective tactic used by cybercriminals: a spoofed email address. These attacks, known as business email compromise, work because they prey on human nature, the innate psychological traits shared by everyone.

Black Lives Matter Emails Deliver TrickBot Malware
2020-06-11 20:59

Cyberattackers are seizing upon the 24-hour news cycle again in order to capitalize on the current zeitgeist - this time with a fake Black Lives Matter malspam campaign that distributes the TrickBot malware. The messages use a grammatically challenged subject line, "Vote anonymous about Black Lives Matter," or "Leave a review confidentially about Black Lives Matter," and purport to contain a survey document.

10 takeaways from Mimecast's 2020 email security report
2020-06-09 09:30

Security vendor Mimecast has released its fourth annual State of Email Security report for 2020. The report is filled with data about email security, but for those looking for action items Mimecast has provided a list of 10 takeaways that point out particular risks and provide IT security decision makers with some avenues to focus on in the coming months.

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails
2020-06-04 20:10

With the U.S. presidential election months away, advanced persistent threat groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. A China-linked APT group targeted Biden's campaign staff, while an Iran-linked APT targeted Trump's.

Have I Been Pwned breach report email pwned entire firm's helldesk ticket system
2020-06-04 17:45

A hapless IT bod found the Have I Been Pwned service answering its own question in a way he really didn't want - after a breach report including a SQL string KO'd his company's helpdesk ticket system. A pseudonymous blogger posting under the name Matt published a tortured account of what happened when a breach notification email from HIBP was ingested into his firm's helpdesk ticket system and was automatically assigned a ticket ID. The company used version 9.4.5 of the GLPi open source helpdesk system, a rather old product but quite functional.