Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
Apple says it has found no evidence that the recently disclosed iOS Mail app vulnerabilities have been exploited in attacks as researchers have claimed. [Read More]
Phishers do not need to spoof the exact domain name if they can use a different domain that might be accepted as reasonable. [Read More]
Over the past week, Google has observed over 18 million malware and phishing emails related to COVID-19 being sent out every day. [Read More]
Many companies are offering free cybersecurity tools and resources to help organizations during the COVID-19 coronavirus outbreak. [Read More]
A new feature that Microsoft is adding to its Edge browser will alert users if the passwords saved to autofill have been compromised. [Read More]
IBM and FireEye have spotted a campaign that relies on fake “COVID-19 Payment” emails to deliver the Zeus Sphinx banking trojan to people in the US, Canada and Australia. [Read More]
GE says the personal information of some employees may have been compromised as a result of a data breach suffered by Canon Business Process Services. [Read More]
Russia-linked APT28 hijacked high-profile email accounts and used them for phishing attacks, Trend Micro reported. [Read More]
Proton Technologies is deploying a new system to ensure that its email and VPN applications continue to be accessible even in scenarios where governments or ISPs attempt to block them. [Read More]
Nearly 1 million domains use DMARC, but only 13% of them are configured to actually prevent email spoofing, says Valimail. [Read More]
- 1 of 31
- ››
FEATURES, INSIGHTS // Email Security
Organizations may not be able to mitigate BEC scams entirely; however, tightening up processes will ensure data exposure is kept to a minimum.
By learning from the past there are many steps we can take to strength our approach to security as attackers continue to turn to email to help accomplish their mission.
“Evasive phishing" is not a term much heard, but we all will—and need to—start talking a lot more about it than we have in the past.
BEC is becoming increasingly profitable for threat actors as organizations are making it easy for adversaries to gain access to the valuable information that sits within these inboxes.
We should be thinking about how users work, what they do and how it affects the security posture of the business, but does security really start with them?
Ninety percent of breaches may begin with an email, but today most of the action happens well after an inbound email has been scanned and delivered.
Even organizations with the most robust defense solutions and advanced automated technologies cannot effectively combat threats such as BEC without the adequate support and nuanced expertise of humans.
To mitigate the risk of attacks, IT teams should disable unused tools and components, while deploying endpoint protection that doesn’t rely solely on file scanning or whitelisting.
DMARC is an email authentication standard designed to eliminate phishing and other types of attack that use spoofing to misrepresent an email sender identity.
Endpoint protection will never be able to catch up with “known wolves,” but machine learning and artificial perception can change the rules of engagement with models of “known good.”
- 1 of 4
- ››
Get the Daily Briefing
- Google Takes Action Against Misleading and Malicious Notifications in Chrome
- New Yorker Indicted for Stealing Card Data via SQL Injection Attacks
- NSA Publishes IOCs Associated With Russian Targeting of Exim Servers
- NetBeans Projects on GitHub Targeted in Apparent Supply Chain Attack
- Cisco to Buy Network Intelligence Firm ThousandEyes
- Germany Confronts Russian Ambassador Over Cyberattack
- Design Marketplace Minted Confirms Recent Data Breach
- Cisco Servers Hacked via Salt Vulnerabilities
- Japanese ICT Solutions Provider NTT Com Discloses Data Breach
- NSA: Russian Agents Have Been Hacking Major Email Program
Copyright © 2020 Wired Business Media. All Rights Reserved. Privacy Policy