Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
A high-powered joint advisory calls attention to gaping holes in perimeter-type devices like VPN appliances, network access gateways and enterprise cloud applications. [Read More]
Google shares bug-bounty financial data and launches a new initiative to bring all of its vulnerability reporting programs into a single online platform. [Read More]
SonarSource security researcher details two vulnerabilities in Zimbra enterprise webmail solution that could result in the compromise of both sent and received emails. [Read More]
Apple ships an out-of-band security update and warns of active zero-day attacks targeting macOS and iOS users. [Read More]
Mozilla has completely removed support for the File Transfer Protocol (FTP) from in the latest release of its flagship Firefox browser. [Read More]
Intezer warns that threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners. [Read More]
New Google Cloud offerings aim to help federal, state, and local government organizations in the U.S. implement zero-trust architecture. [Read More]
The CloudKnox deal is Microsoft’s fourth cybersecurity acquisition over the last 12 months and comes just weeks after Redmond announced plans to purchase threat-intelligence vendor RiskIQ. [Read More]
Microsoft secures a court order to take down malicious domains that impersonate legitimate organizations. [Read More]
Networking gear vendor Juniper Networks ships product updates to address critical security vulnerabilities. [Read More]
- 1 of 53
- ››
FEATURES, INSIGHTS // Email Security
Leveraging humans for detection makes it hard for the attackers to predict whether or not their malicious emails will be identified and using technology to automate response provides scale and speed in resolution.
SPF, DMARC and DKIM are three email security methods that work together to prevent unauthorized third parties from sending emails on behalf of a domain.
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
To mitigate the risk of attacks, IT teams should disable unused tools and components, while deploying endpoint protection that doesn’t rely solely on file scanning or whitelisting.
- 1 of 4
- ››
Get the Daily Briefing
- Potential RCE Flaw Patched in PyPI’s GitHub Repository
- OT Security Firm Nozomi Networks Raises $100 Million
- Chipotle's Email Marketing Account Hacked to Spread Malware
- Cybersecurity M&A Roundup: 38 Deals Announced in July 2021
- Cisco, Sonatype and Others Join Open Source Security Foundation
- Amazon Fined 746 Mn Euros in Luxembourg Over Data Privacy
- NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public
- Flaws in Pneumatic Tube System Can Facilitate Cyberattacks on North American Hospitals
- Zoom to Settle US Privacy Lawsuit for $85 Mn
- Justice Department Says Russians Hacked Federal Prosecutors
Copyright © 2021 Wired Business Media. All Rights Reserved. Privacy Policy