January 19, 2024 at 06:33AM Summary: The article highlights the rising significance of data in the digital world, particularly in on-premises Exchange Server environments. It elaborates on the evolving threats of data loss, the changing role of administrators, and crucial backup and recovery strategies to prevent permanent data loss. The consequences of data loss and … Read more
January 18, 2024 at 03:14PM The Trend Micro’s Trend Vision One™ platform integrates business email security with collaboration, addressing the increasing need for unified protection. It provides comprehensive threat protection, detection, and response across email, servers, cloud, and network, assisting IT and security teams in managing risks effectively. The solution aims to prevent phishing, ransomware, … Read more
January 18, 2024 at 01:02PM Two cybercriminal groups used a French transportation company’s AWS accounts to send phishing emails, exploiting Amazon Web Services’ Simple Email Service (SES). The attackers bypassed spam filters and took advantage of SES’ features to send high volumes of emails. Cloud email attacks pose challenges in prevention and detection, with potential … Read more
January 18, 2024 at 07:24AM Security researcher Eaton Zveare gained unauthorized access to customer information in Toyota Tsusho Insurance Broker India’s email account due to misconfigurations and vulnerabilities. Zveare accessed the noreplyeicher@ttibi.co.in email account, exposing customer data, OTPs, and access to TTIBI’s Microsoft cloud account. TTIBI took two months to address the issues, but the … Read more
January 10, 2024 at 01:37PM Cybercriminals are using tactics such as fake 401(k) notices, open enrollment communications, and salary adjustment messages to steal employees’ credentials. Despite organizations’ robust email security solutions, phishing emails are still making their way into employees’ inboxes, particularly targeting large enterprises. Cofense advises coordinating and educating personnel to mitigate these attacks … Read more
January 9, 2024 at 09:14AM TitanHQ has launched PhishTitan Integrated Cloud Email Security (ICES), a cutting-edge native M365 anti-phishing solution. It effectively blocks and remediates threats like business email compromise, account takeover, and zero-day attacks. The solution, quickly adopted by existing customers, offers unbeatable phishing protection within M365 and boasts various key features to combat … Read more
January 4, 2024 at 01:06PM Mimecast has acquired Elevate Security, a startup specializing in user-education technology. The acquisition aims to enhance Mimecast’s Awareness Training product line with Elevate Security’s risk scoring algorithm and incident triage technology. Financial details were not disclosed. Mimecast plans to support Elevate Security’s existing customer base. Elevate Security, founded six years … Read more
January 3, 2024 at 06:18AM A new exploitation technique called SMTP smuggling allows threat actors to send malicious emails with fake sender addresses, bypassing security measures. The method exploits vulnerabilities in messaging servers from Microsoft, GMX, and Cisco, impacting SMTP implementations from Postfix and Sendmail. Cisco users are advised to change settings to avoid receiving … Read more
December 29, 2023 at 06:54AM Ukraine’s CERT-UA has warned of a new phishing campaign by the Russia-linked APT28 group targeting government entities through email messages, deploying malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The attacks utilize various tools, including the Python-based MASEPIE and the C#-based OCEANMAP, with communications employing encrypted channels. … Read more
December 28, 2023 at 06:00AM Mandiant disclosed zero-day attacks targeting Barracuda Email Security Gateway (ESG) appliances, exploiting CVE-2023-7102 to execute malicious code in Excel email attachments. The China-linked threat actor UNC4841 used this vulnerability to target government, IT, and high-tech organizations. Barracuda promptly deployed updates and urged customers to follow the recommended guidance. UNC4841 has … Read more