#EmailSecurity

Malicious Links, AI-Enabled Tools, and Attacks on SMBs Among Top Cybersecurity Threats in H1 Mimecast Global Threat Intelligence Report

by

August 21, 2024 at 05:44PM Mimecast’s Global Threat Intelligence Report 2024 H1 highlights emerging cybersecurity threats, including a surge in malicious links and AI-driven attacks, predominantly affecting small businesses. The report also notes an increase in AI-enabled scams targeting both businesses and consumers. Chief Security & Resilience Officer Mick Paisley emphasizes the vital role of … Read more

Google Disrupts Iranian Hacking Activity Targeting US Presidential Election

by

August 15, 2024 at 09:21AM Google has disrupted an Iranian state-sponsored hacking campaign targeting individuals linked to the US elections. The campaign, attributed to APT42, targeted personal email accounts of former US officials and affiliates of President Biden and former President Trump. Google has proactively referred the activity to law enforcement and observed the use … Read more

Google Confirms an Iranian Group Is Trying to Access Emails Linked to Both US Presidential Campaigns

by

August 15, 2024 at 06:39AM Google’s threat intelligence has uncovered an Iranian-linked group’s attempt to infiltrate the personal email accounts of individuals connected to President Biden and former President Trump. The group targeted Biden, Trump, and Vice President Harris, and its activities align with a broader pattern of attempts to disrupt the U.S. election. This … Read more

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

by

August 7, 2024 at 10:57AM Security researchers disclosed security flaws in Roundcube webmail software that could allow attackers to execute malicious JavaScript, steal sensitive information, and gain persistent foothold in browsers. The three vulnerabilities have been addressed in Roundcube versions 1.6.8 and 1.5.8 released on August 4, 2024. Additionally, a local privilege escalation flaw in … Read more

INTERPOL Recovers $41 Million in Largest Ever BEC Scam in Singapore

by

August 6, 2024 at 12:12PM INTERPOL introduced a “global stop-payment mechanism,” aiding recovery of funds in the largest-ever business email compromise (BEC) scam. A Singaporean firm lost $42.3 million to a fraudulent supplier but through INTERPOL’s mechanism and arrests, $39 million was recovered. Additionally, a cryptocurrency exchange, Cryptonator, and its founder face indictments for alleged … Read more

Abnormal Security Raises $250 Million at $5.1 Billion Valuation

by

August 6, 2024 at 08:12AM Abnormal Security raised $250 million in a Series D funding round, valuing the company at $5.1 billion. With a total investment of $546 million, the latest round was led by Wellington Management and saw participation from Greylock Partners, Menlo Ventures, and others. Abnormal provides an AI-native human behavior security platform, … Read more

Vulnerabilities Enable Attackers to Spoof Emails From 20 Million Domains

by

July 31, 2024 at 10:51AM Newly discovered vulnerabilities in hosted email services can allow threat actors to spoof sender identities and bypass security measures. The flaws, CVE-2024-7208 and CVE-2024-7209, enable authenticated attackers to send emails from different domains, potentially affecting over 20 million domains and numerous vendors. Measures to address the vulnerabilities include enhanced identity … Read more

How To Get the Most From Your Security Team’s Email Alert Budget

by

July 31, 2024 at 07:27AM Summary: Phishing attacks are increasing in size and complexity, necessitating efficient security operations. Material Security offers a unique email security and data protection approach to save security teams time. Their platform balances precision and recall, identifies and clusters suspicious messages, and automates user reporting, providing advanced protection and operational efficiency. … Read more

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

by

July 30, 2024 at 03:24AM A new phishing campaign, known as OneDrive Pastejacking, targets Microsoft OneDrive users through social engineering tactics to execute a malicious PowerShell script. The attack tricks users by simulating a OneDrive page and providing false instructions to fix a DNS error. The campaign has been observed in various countries, signaling a … Read more

Proofpoint phishing palaver plagues millions with ‘perfectly spoofed’ emails from IBM, Nike, Disney, others

by

July 30, 2024 at 02:35AM A large-scale phishing campaign exploited a security vulnerability in Proofpoint’s email filtering to send three million fake emails daily, appearing to be from major companies. The spammers manipulated Proofpoint’s system to send malicious emails, tricking recipients into revealing sensitive information. Guardio Security notified Proofpoint and assisted in mitigating the attack, … Read more