December 5, 2023 at 03:12AM Microsoft identified activity by Russian-supported threat group Forest Blizzard (also known as APT28 and other names) exploiting a severe Outlook security flaw, CVE-2023-23397, to access email accounts on Exchange servers. The group targeted various sectors and used the bug to maintain unauthorized mailbox access. Microsoft patched the bug in March … Read more
November 30, 2023 at 08:30AM Google launched RETVec, a multilingual text vectorizer to enhance Gmail’s detection of harmful content such as spam and phishing emails. RETVec counters evasion tactics like typos or homoglyphs and supports over 100 languages. It improved spam detection by 38%, reduced false positives, and cut computational costs. Here are the key … Read more
November 30, 2023 at 06:06AM Google’s new RETVec, a multilingual text vectorizer, has improved Gmail’s spam detection by 38%, reducing false positives/negatives while enhancing performance. RETVec, efficient and resilient, requires no text preprocessing, works with all languages, and is now open source with a tutorial available. Takeaways from the Meeting Notes: 1. Google has developed … Read more
November 16, 2023 at 11:48AM A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups, resulting in the theft of email data, user credentials, and authentication tokens. The flaw, tracked as CVE-2023-37580, allowed the execution of malicious scripts by tricking users into clicking on a specially crafted URL. The attacks … Read more
November 16, 2023 at 10:25AM The FBI has issued a warning about fraudsters using the conflict in Gaza to scam people into donating cryptocurrencies. These cybercriminals pretend to be fundraisers or charities and use various methods, such as emails, social media, cold calls, and crowdfunding sites, to convince victims that their money will go to … Read more
November 9, 2023 at 06:39AM Wing Security has introduced a solution to address the risks associated with email auto-forwarding rules. While auto-forwarding is convenient, it can lead to the unauthorized dissemination of sensitive information. Wing’s SaaS security solution now includes a feature to detect and prevent auto-email forwarding. Additionally, Wing offers tools to identify and … Read more
November 9, 2023 at 03:50AM A phishing campaign has been discovered where threat actors send emails with a link to a file-sharing solution called DRACOON.team. When victims click on the link, they are directed to a PDF document containing a secondary link that leads to a fake Microsoft 365 login page. The attackers use reverse … Read more
October 26, 2023 at 12:45PM The Russian APT28 hacking group, also known as ‘Strontium’ or ‘Fancy Bear,’ has been targeting various entities in France since the second half of 2021. They have exploited vulnerabilities in WinRAR and Microsoft Outlook, compromised peripheral devices, and utilized VPN clients. ANSSI recommends focusing on email security to defend against … Read more
October 24, 2023 at 05:57PM The City of Philadelphia has disclosed that certain individuals’ information was stolen in a cyberattack involving its email environment. Unauthorized access to city email accounts occurred between May 26 and July 28, and personal information, health information, and financial information may have been compromised. The investigation is ongoing, and the … Read more
October 23, 2023 at 03:48PM The city of Philadelphia has issued a notice confirming a data breach involving personal health information. A threat actor gained access to the city’s email accounts between May and July this year. The types of information compromised include demographic, medical, and limited financial information. The city advises affected individuals to … Read more