Tag: email
-
5 Encrypted Attack Predictions for 2025
Tags: access, ai, apt, attack, automation, cloud, communications, computer, computing, control, cryptography, cyber, cyberattack, cybercrime, data, data-breach, defense, detection, email, encryption, exploit, government, group, india, infrastructure, intelligence, Internet, malicious, malware, network, phishing, ransomware, risk, service, tactics, technology, threat, update, vpn, zero-trustThe cyberthreat landscape of 2024 was rife with increasingly sophisticated threats, and encryption played a pivotal role”, a staggering 87.2% of threats were hidden in TLS/SSL traffic. The Zscaler cloud blocked 32.1 billion attempted encrypted attacks, a clear demonstration of the growing risk posed by cybercriminals leveraging encryption to evade detection. ThreatLabz reported that malware…
-
Dell ends hybrid work policy, demands returnoffice despite remote work pledge
That email chain could have been a 30-second chit-chat, says IT giant First seen on theregister.com Jump to article: www.theregister.com/2025/01/31/dell_ends_hybrid_work_policy/
-
Bitwarden Requires Mandatory Email Verification For Non-2FA Accounts
First seen on scworld.com Jump to article: www.scworld.com/brief/bitwarden-requires-mandatory-email-verification-for-non-2fa-accounts
-
Devil-Traff: A New Bulk SMS Platform Driving Phishing Campaigns
Employees in most organizations receive countless communications daily”, emails, Slack messages, or ticket updates, for example. Hidden among these routine interactions are phishing scams designed to exploit trust and compromise security. Imagine an employee receiving a text that appears to be from their bank: “Suspicious activity detected on your account. Click here to secure your…
-
January Windows 10 preview update force installs new Outlook
Microsoft has started force-installing the new Outlook email client on Windows 10 systems for users who deploy this month’s KB5050081 non-security preview update. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/january-windows-10-preview-update-force-installs-new-outlook/
-
Threat Actors Exploit Government Websites for Phishing
Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-exploit-gov-websites/
-
New phishing campaign targets users in Poland and Germany
An ongoing phishing campaign, presumably by an advanced persistent threat (APT) actor, is seen dropping a new backdoor on victim systems enabling stealthy C2 operations.The backdoor, which Cisco’s Talos Intelligence Unit is tracking as TorNet, was found connecting victim machines to the decentralized and anonymizing TOR network for C2 communications.”Cisco Talos discovered an ongoing malicious…
-
The curious story of Uncle Sam’s HR dept, a hastily set up email server, and fears of another cyber disaster
Lawsuit challenges effort to create federal-wide centralized inbox expected to be used for mass firings First seen on theregister.com Jump to article: www.theregister.com/2025/01/29/opm_email_lawsuit/
-
SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon
It’s another cousin of Spectre, here to read your email, browsing history, and more First seen on theregister.com Jump to article: www.theregister.com/2025/01/29/flop_and_slap_attacks_apple_silicon/
-
Mandatory email verification implemented by BitWarden for non-2FA accounts
First seen on scworld.com Jump to article: www.scworld.com/brief/mandatory-email-verification-implemented-by-bitwarden-for-non-2fa-accounts
-
Hidden text salting in scam emails ramps up
First seen on scworld.com Jump to article: www.scworld.com/brief/hidden-text-salting-in-scam-emails-ramps-up
-
Lawsuit claims systems behind OPM governmentwide email blast are illegal, insecure
A pair of whistleblowers believe the office skirted the law by not conducting a privacy impact assessment for an alleged “on-prem” server used to send mass emails to federal employees and store information from responses. First seen on fedscoop.com Jump to article: fedscoop.com/opm-email-federal-workforce-lawsuit-server-privacy-security/
-
TorNet Backdoor Exploits Windows Scheduled Tasks to Deploy Malware
Cisco Talos researchers have identified an ongoing cyber campaign, active since mid-2024, deploying a previously undocumented backdoor known as >>TorNet.
-
PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany.The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that’s delivered by…
-
Barracuda Aims To Boost Email Protection With New Account Takeover, Threat Mitigation Capabilities
Barracuda is debuting a major set of new email protection capabilities along with new bundles and complimentary support for partners, according to Chief Product Officer Neal Bradbury. First seen on crn.com Jump to article: www.crn.com/news/security/2025/barracuda-aims-to-boost-email-protection-with-new-account-takeover-threat-mitigation-capabilities
-
Hackers Use Hidden Text Salting to Bypass Spam Filters and Evade Detection
In the latter half of 2024, Cisco Talos identified a significant increase in email threats leveraging >>hidden text salting,
-
Privacy Roundup: Week 4 of Year 2025
Tags: access, ai, apt, attack, backup, botnet, breach, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, identity, infrastructure, korea, lazarus, leak, login, malicious, malware, north-korea, phishing, phone, privacy, regulation, remote-code-execution, risk, router, scam, service, software, startup, technology, threat, tool, update, virus, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 19 JAN 2025 – 25 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Bitwarden makes it harder to hack password vaults without MFA
Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitwarden-makes-it-harder-to-hack-password-vaults-without-mfa/
-
New ransomware group Funksec is quickly gaining traction
Tags: access, ai, attack, computer, control, country, cybercrime, data, data-breach, ddos, detection, email, encryption, extortion, government, group, leak, LLM, malware, password, powershell, ransom, ransomware, russia, rust, service, threat, tool, usa, windowsThreat reports for December showed a newcomer to the ransomware-as-a-service (RaaS) landscape quickly climbing the ranks. Called Funksec, this group appears to be leveraging generative AI in its malware development and its founders are tied to hacktivist activity.Funksec was responsible for 103 out of 578 ransomware attacks tracked by security firm NCC Group in December,…
-
Hidden Text Salting Disrupts Brand Name Detection Systems
A new phishing tactic has been identified by Cisco Talos, using hidden text salting to evade email security measures First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hidden-text-salting-disrupts-brand/
-
DMARC Email Security: A Guide to Protecting Your Domain
Learn how DMARC email security can protect your brand, improve deliverability, and prevent phishing attacks. Get expert advice and best practices. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/dmarc-email-security-a-guide-to-protecting-your-domain/
-
MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks
Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC.”MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or a…
-
Phishing Emails Targeting Australian Firms Rise by 30% in 2024
For the APAC region as a whole, credential phishing attacks rose by 30.5% between 2023 and 2024. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/phishing-email-attacks-rise-australia/
-
FortiGate config leaks: Victims’ email addresses published online
Experts warn not to take leaks lightly as years-long compromises could remain undetected First seen on theregister.com Jump to article: www.theregister.com/2025/01/23/fortigate_config_leaks_infoseccers_list_victim_emails/
-
Cisco patches antivirus decommissioning bug as exploit code surfaces
Cisco has patched a denial-of-service (DoS) vulnerability affecting its open-source antivirus software toolkit, ClamAV, which already has a proof-of-concept (PoC) exploit code available to the public.Identified as CVE-2025-20128, the vulnerability stems from a heap-based buffer overflow in the Object Linking and Embedding 2 (OLE2) decryption routine, enabling unauthenticated remote attackers to cause a DoS condition…
-
10 top XDR tools and how to evaluate them
Tags: ai, attack, automation, business, cloud, computing, container, corporate, credentials, data, defense, detection, edr, email, encryption, endpoint, finance, firewall, google, guide, Hardware, iam, ibm, identity, incident response, infrastructure, intelligence, malicious, malware, marketplace, microsoft, mitigation, network, office, okta, open-source, organized, risk, security-incident, service, siem, skills, soar, software, spam, technology, threat, tool, training, vulnerability, zero-dayLittle in the modern IT world lends itself to manual or siloed management, and this is doubly true in the security realm. The scale of modern enterprise computing and modern application stack architecture requires security tools that can bring visibility into the security posture of modern IT components and integrate tightly to bring real-time threat…
-
APAC businesses face surge in email attacks
Sophisticated phishing and business email compromise campaigns are increasingly targeting organisations across the Asia-Pacific region, research reveals First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366618432/APAC-businesses-face-surge-in-email-attacks