Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
An update released this week for the OpenSMTPD mail server addresses an out-of-bounds read vulnerability that could lead to arbitrary command execution. [Read More]
A group of business email compromise (BEC) scammers that targeted thousands in the United States employed Google’s G Suite for their infrastructure. [Read More]
Eighty-five percent of Fortune 500 companies are not using DMARC to protect themselves and their customers from fraudulent emails. [Read More]
Several cybersecurity companies have spotted various campaigns that leverage coronavirus-themed emails to deliver malware, phishing and scams. [Read More]
Of the 15 current U.S Presidential candidates, eight now protect their domains from email spoofing with enforced DMARC. [Read More]
A vulnerability that can allow remote command execution with elevated privileges has been found in OpenSMTPD, OpenBSD's mail server. [Read More]
Russia's FSB security service said it blocked Geneva-based ProtonMail after a series of anonymous bomb threats were sent through the service. [Read More]
A phishing campaign apparently aimed at Ukrainian gas company Burisma has been linked by researchers to the Russian hacker group APT28. [Read More]
Email and data security company Mimecast on Monday announced the acquisition of threat protection solutions provider Segasec. [Read More]
ProtonMail releases beta version of ProtonCalendar, a fully encrypted calendar application that aims to help users keep track of their plans and keep their data private. [Read More]
- 1 of 30
- ››
FEATURES, INSIGHTS // Email Security
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
To mitigate the risk of attacks, IT teams should disable unused tools and components, while deploying endpoint protection that doesn’t rely solely on file scanning or whitelisting.
DMARC is an email authentication standard designed to eliminate phishing and other types of attack that use spoofing to misrepresent an email sender identity.
Endpoint protection will never be able to catch up with “known wolves,” but machine learning and artificial perception can change the rules of engagement with models of “known good.”
- 1 of 4
- ››
Subscribe to the Daily Briefing
- Privacy Rights May Become Next Victim of Killer Pandemic
- Europol: Criminals Exploit Virus Crisis as Fresh Opportunity
- Google Sees Drop in Government-Backed Phishing Attempts
- Russian Hackers Exploited Windows Flaws in Attacks on European Firms
- Senator Urges Vendors to Secure Networking Devices Amid COVID-19 Outbreak
- GitHub Paid Out Over $1 Million in Bug Bounties
- Websites of U.S. Presidential Candidates Pose Security, Privacy Risks
- Unofficial Patches Released for Exploited Windows Font Processing Flaws
- No Patch for VPN Bypass Flaw Discovered in iOS
- Spyware Delivered to iPhone Users in Hong Kong Via iOS Exploits
Copyright © 2020 Wired Business Media. All Rights Reserved. Privacy Policy