Security News

Ukraine Arrests Trio for Hijacking Over 100 Million Email and Instagram Accounts
2024-03-20 06:48

The Cyber Police of Ukraine has arrested three individuals on suspicion of hijacking more than 100 million emails and Instagram accounts from users across the world. The suspects, aged between 20...

International Monetary Fund email accounts hacked in cyberattack
2024-03-15 19:48

The International Monetary Fund disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. The IMF has found no evidence that the attackers gained access to other systems or resources outside of the breached email accounts.

Tuta Mail adds new quantum-resistant encryption to protect email
2024-03-11 21:21

Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. Tuta Mail is an open-source end-to-end encrypted email service with ten million users.

Email security trends in the energy and infrastructure sector
2024-03-11 05:00

In this Help Net Security video, Mike Britton, CISO at Abnormal Security, discusses how energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. According to Abnormal Security data, from February 2023 to July 2023, the average number of BEC weekly attacks was 0.53 per 1,000 mailboxes.

Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast
2024-03-10 09:00

What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on organizations across the EU, particularly in ICT risk management and cybersecurity. Cisco patches Secure Client VPN flaw that could reveal authentication tokensCisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users' valid SAML authentication token.

Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes
2024-03-05 10:36

A threat actor specializing in establishing initial access to target organizations' computer systems and networks is using booby-trapped email attachments to steal employees' NTLM hashes. "User authentication in Windows is used to prove to a remote system that a user is who they say they are. NTLM does this by proving knowledge of a password during a challenge and response exchange without revealing the password to anyone," Microsoft said in a recent post that announced their goal to deprecate NTLM use in favor of Kerberos - a more modern, extensible and secure authentication protocol.

SubdoMailing campaign spams 5 million emails daily via 8k hijacked domains
2024-02-26 14:00

A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. "The campaign is called"SubdoMailing, as the threat actors hijack abandoned subdomains and domains belonging to well-known companies to send their malicious emails.

Secure email gateways struggle to keep pace with sophisticated phishing campaigns
2024-02-23 05:00

In 2023, malicious email threats bypassing secure email gateways increased by more than 100%, according to Cofense. "As we unveil the statistics from the 2024 Annual State of Email Security Report, it's evident that the email-based attack vector is evolving at an unprecedented pace going into 2024," said David Van Allen, CEO of Cofense.

IT Email Templates: Security Alerts
2024-02-21 16:00

All company communication needs may vary but certain standard template messages can come in handy for IT staff to keep employees up to date on "Need to know" informational bulletins. A formal set of message templates will allow you to deliver both event-based and proactive communications, which ensures that everyone is up to speed on critical developments, projects and company policies.

Insider steals 79,000 email addresses at work to promote own business
2024-02-20 11:01

A former council staff member in the district where William Shakespeare was born ransacked databases filled with residents' information to help drum up new business for their outside venture. The UK's Stratford-on-Avon District Council concluded its investigation into a November data breach last week, finding tens of thousands of email addresses stolen from a garden and waste collection database.