Security News

Google has started automatically blocking emails sent by bulk senders who don't meet stricter spam thresholds and authenticate their messages as required by new guidelines to strengthen defenses against spam and phishing attacks. Non-compliance may result in email delivery issues, including rejected emails or emails being automatically sent to recipients' spam folders.

In what was originally being called a serious IT outage at the end of last week, the union confirmed to The Register today that the incident is now being treated as an attack, the full extent of which is still being assessed. The CWU told us on March 22 that its email services weren't working and that it has engaged third-party cybersecurity experts who have been on site since 0900 UTC on March 21.

Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via "Nuanced" exploitation and by using an advanced detection evasion method. The phishing emails prompts recipients to download an attached Office Word file to view their "Monthly salary report".

Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. The Spa Gran Prix is a Formula 1 World Championship race held at the Circuit de Spa-Francorchamps in Stavelot, Belgium.

The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20...

The International Monetary Fund disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. The IMF has found no evidence that the attackers gained access to other systems or resources outside of the breached email accounts.

Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. Tuta Mail is an open-source end-to-end encrypted email service with ten million users.

In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data, from February 2023 to July 2023, the average number of BEC weekly attacks was 0.53 per 1,000 mailboxes.

What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on organizations across the EU, particularly in ICT risk management and cybersecurity. Cisco patches Secure Client VPN flaw that could reveal authentication tokensCisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users' valid SAML authentication token.

A threat actor specializing in establishing initial access to target organizations' computer systems and networks is using booby-trapped email attachments to steal employees' NTLM hashes. "User authentication in Windows is used to prove to a remote system that a user is who they say they are. NTLM does this by proving knowledge of a password during a challenge and response exchange without revealing the password to anyone," Microsoft said in a recent post that announced their goal to deprecate NTLM use in favor of Kerberos - a more modern, extensible and secure authentication protocol.