Proofpoint settings exploited to send millions of phishing emails daily

July 29, 2024 at 09:57AM The ‘EchoSpoofing’ phishing campaign exploited Proofpoint’s email protection service, sending millions of spoofed emails impersonating major companies. The emails, which passed SPF and DKIM checks, aimed to steal personal information and incur charges. Guardio Labs discovered and helped fix the security gap, leading to Proofpoint tightening security and introducing new …

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

July 29, 2024 at 09:24AM An unknown threat actor exploited an email routing misconfiguration in Proofpoint’s defenses to send millions of spoofed emails. The campaign, named EchoSpoofing, began in January 2024 and utilized SMTP servers on virtual private servers, bypassing major security protections. The attacker sent messages impersonating legitimate domains, and the technique eluded detection. …

Mimecast Joins Human Risk Management Fray With Code42 Deal

July 26, 2024 at 06:27AM Email security providers are expanding their offerings to include human risk management tools for data loss prevention (DLP). Mimecast acquired Code42, its second human risk management acquisition this year. Competitors like Proofpoint, Sophos, and ESET are also making similar moves. Mimecast’s CEO highlighted plans to integrate Code42’s capabilities and maintain …

57,000 Patients Impacted by Michigan Medicine Data Breach

July 24, 2024 at 10:42AM Michigan Medicine, the University of Michigan’s academic medical center, is notifying 57,000 individuals about a data breach. Threat actors gained access to employee email accounts, potentially compromising personal and health information. Though no evidence of patient data theft was found, sensitive information like names, addresses, and medical record numbers may …

QR Codes: Convenience or Cyberthreat?

July 23, 2024 at 01:16PM Summary: Sara Atie’s article discusses the growing threat of QR code-based phishing attacks and the need for organizations to adopt robust protection measures to safeguard against these modern cyber threats. The article highlights common signs of QR code attacks and proposes proactive solutions to mitigate the risk. Key takeaways from …

20 Million Trusted Domains Vulnerable to Email Hosting Exploits

July 18, 2024 at 02:23PM Three novel attack techniques chaining vulnerabilities found in email-hosting platforms allow spoofing of emails from over 20 million trusted organization domains. Researchers at PayPal discovered flaws that bypass SPF, DKIM, and DMARC protocols, affecting large email service providers. They plan to disclose these vulnerabilities in an upcoming conference. The attacks …

Critical Cisco bug lets hackers add root users on SEG devices

July 18, 2024 at 08:51AM Cisco has resolved a critical vulnerability (CVE-2024-20401) in Secure Email Gateway (SEG) appliances that allowed attackers to add new users with root privileges and cause a permanent denial of service. The flaw involves an absolute path traversal weakness. Affected appliances running certain Cisco AsyncOS releases can be fixed with updated Content …

Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM

July 18, 2024 at 07:45AM Cisco announced software updates for around a dozen vulnerabilities, which included critical-severity bugs in Secure Email Gateway and Smart Software Manager On-Prem. The flaws could allow an attacker to execute arbitrary code, initiate denial-of-service conditions, or access the web UI with compromised user privileges. Cisco also addressed high-severity vulnerabilities in …

Exchange Online adds Inbound DANE with DNSSEC for security boost

July 17, 2024 at 03:09PM Microsoft is introducing inbound SMTP DANE with DNSSEC for Exchange Online in public preview to enhance email security. This includes using the TLS Authentication (TLSA) DNS record to verify mail server identity and DNSSEC to cryptographically verify DNS records. The rollout, scheduled until 2025, aims to protect email domains from …

Poco RAT Burrows Deep Into Mining Sector

July 10, 2024 at 11:03AM Unidentified attackers are propagating a novel credential-harvesting remote access trojan, dubbed Poco RAT, mainly targeting sectors in Latin America. Using email campaigns with Spanish-themed finance lures and Google Drive links, the malware evades email gateways. It is built for anti-analysis, communication with a C2 server, and file delivery, while relying …