Security Experts:

Email Security
long dotted

NEWS & INDUSTRY UPDATES

An analysis of more than 2.2 billion emails between April and June (Q2) 2019 exposes the current tactics, techniques and targets of contemporary attackers. [Read More]
Google is adding its Password Checkup tool to the Account password manager and Chrome, and it has unveiled some new privacy features for YouTube, Maps and Assistant. [Read More]
A Critical vulnerability (CVE-2019-16928) in the popular open-source email server Exim could allow an attacker to execute code remotely and take over a vulnerable server. [Read More]
Microsoft this week announced plans to add some new file extensions to the list of file types that are blocked in Outlook on the web. [Read More]
A large number of spam messages recently sent by the same botnet were observed featuring randomized headers and even different templates, with some emails resembling phishing. [Read More]
Microsoft announces general availability of Automated Incident Response feature in Office 365 Advanced Threat Protection (ATP). [Read More]
Nigerian and US authorities said Tuesday that nearly 300 people had been arrested in a months-long global crackdown on online scams to hijack wire transfers from companies and individuals. [Read More]
South Korean-based industrial manufacturer DK-LOK was found to leak internal and external communications, including customer data. [Read More]
Exim servers vulnerable to attacks due to a vulnerability that allows a local or remote attacker to execute arbitrary code with root privileges. [Read More]
An SMS phishing attack against many modern Android phones could route all internet traffic through a proxy controlled by the attacker. [Read More]

FEATURES, INSIGHTS // Email Security

rss icon

Alastair Paterson's picture
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
Ashley Arbuckle's picture
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
Siggi Stefnisson's picture
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
Alastair Paterson's picture
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
Siggi Stefnisson's picture
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Siggi Stefnisson's picture
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Josh Lefkowitz's picture
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
Jack Danahy's picture
To mitigate the risk of attacks, IT teams should disable unused tools and components, while deploying endpoint protection that doesn’t rely solely on file scanning or whitelisting.
Markus Jakobsson's picture
DMARC is an email authentication standard designed to eliminate phishing and other types of attack that use spoofing to misrepresent an email sender identity.
Markus Jakobsson's picture
Endpoint protection will never be able to catch up with “known wolves,” but machine learning and artificial perception can change the rules of engagement with models of “known good.”