Email Security News, Articles and Updates

German-speaking users targeted in new malware campaign

German-speaking users targeted in new malware campaign

By

German and Austrian computer users are being targeted with a new malware campaign.

Ransomware awareness and fear growing: Study

Ransomware awareness and fear growing: Study

By

When faced with a situation where a firm's critical data has been locked up by a ransomware attack and irretrievable by backup, close to half of the companies surveyed by KnowBe4 for its latest ransomware survey said they would pay the ransom to get their systems back online.

New RAA ransomware written in JavaScript discovered

New RAA ransomware written in JavaScript discovered

By

A new variety of ransomware called RAA has been discovered that has the somewhat unusual attribution of being coded in JavaScript instead of one of the more standard programming languages making it more effective in certain situations.

Ransomware migrates from Angler to Neutrino

Ransomware migrates from Angler to Neutrino

By

Following the shuttering of the Necurs botnet, security researchers noticed a subsequent drop in Angler exploit kits and other malware campaigns.

Newly discovered malware campaign adds to TeamViewer's account hijacking woes

Newly discovered malware campaign adds to TeamViewer's account hijacking woes

By

TeamViewer continues to assert that poor password management is the chief cause behind a spate of user account hijackings, but a new alert from Trend Micro suggests that a malware campaign could be another piece to the puzzle.

Leakedsource.com finds 45M leaked VerticalScope user records

Leakedsource.com finds 45M leaked VerticalScope user records

By

The outdoor and motorsports-centric website aggregator VerticalScope was hacked according to an industry watchdog with about 45 million records from more than 1,100 websites being taken and posted to the internet.

New phishing scam siphoning PayPal user credentials

New phishing scam siphoning PayPal user credentials

By

Users of PayPal are being targeted in a new phishing scheme that steals their credentials.

Clear path to Verizon email accounts patched

Clear path to Verizon email accounts patched

By

A vulnerability that could have allowed attackers to hijack incoming emails from Verizon users' inboxes without their knowledge was detected and, a month later, patched.

Hackers impersonate CEOs and CFOs most often during phishing attack

Hackers impersonate CEOs and CFOs most often during phishing attack

By

All it takes is one of three words and impersonating the correct executive to pull off a successful Business Email Compromise attack, according to a new Trend Micro report.

Low-profile Crysis ransomware suddenly stealing the show

Low-profile Crysis ransomware suddenly stealing the show

By

Researchers at ESET have discovered that an under-the-radar ransomware known as Crysis has been silently and quickly gaining momentum, and is currently even more prevalent than Locky.

Cyren warns of new bitcoin phishing site in the wild

Cyren warns of new bitcoin phishing site in the wild

Speaking to SCMagazineUK.com, Lior Kohavi, CTO at Cyren, revealed a phishing site that aims to steal credentials from Bitcoin blockchain users.

Guilty pleas for two spammers behind heist of 60M accounts

Guilty pleas for two spammers behind heist of 60M accounts

By

Guilty pleas were entered by two men for a range of computer fraud charge said to have netted $2 million in ill-gotten gains.

Constructive Disclosure

Constructive Disclosure

This is going to be a bit different from my usual blog postings but I think the time is good for this discussion for several reasons. First, the notion of constructive and responsible disclosure of bugs is a clear issue for threat hunters.

 Reeling in workers: Social engineering

Reeling in workers: Social engineering

By

When it comes to finding a scapegoat after a company falls victim to a spearphishing scam, pointing toward the human being in the room typically isn't unjustified or unfair.

Ransomware threats tied to data breaches growing, IC3

Ransomware threats tied to data breaches growing, IC3

By

The Internet Crime Complaint Center (IC3) issued a Public Service Announcement regarding the growing number of individuals who have been filing reports with the center.

State Dept. asks court to reject Republican Party FOIA request for Clinton emails

State Dept. asks court to reject Republican Party FOIA request for Clinton emails

By

The U.S. Department of State is asking a U.S. District Court to deny a FOIA request by the Republican National Committee for emails from Hillary Clinton.

CryptoLocker partially shuts down Pinal County, Ariz. government network

CryptoLocker partially shuts down Pinal County, Ariz. government network

By

The computer network of the Pinal County Attorney's Office in Arizona has been hit with CryptoLocker, effectively shutting down part of the agency's system.

Upgraded Dridex malware on the rebound, hitting U.S. banks

Upgraded Dridex malware on the rebound, hitting U.S. banks

By

A new and more dangerous version of the Dridex banking malware is being used in a new campaign targeting financial institutions, primarily in the United States.

Users warming up to replacing traditional passwords with next-level authentication

Users warming up to replacing traditional passwords with next-level authentication

By

A new study has come to light in which 52 percent of surveyed consumers said they would prefer a more modernized method of user authentication, such as biometrics, over traditional username and password mechanisms.

Email error leaks hundreds of Northern Ireland prison officer details

Email error leaks hundreds of Northern Ireland prison officer details

An email error made in Northern Ireland has accidentally leaked the personal details of hundreds of prison officers working in the country to an outside contractor.

New Locky ransomware campaign sets sights on Amazon customers

New Locky ransomware campaign sets sights on Amazon customers

By

Amazon customers are the target of a wide-ranging phishing email scam intended to fool recipients into opening up a malicious attachment that results in the downloading of Locky ransomware.

Workplace security awareness programs lacking in efficacy, says study

Workplace security awareness programs lacking in efficacy, says study

By

Just because a company offers a cybersecurity training program to its employees doesn't mean it's necessarily doing enough to change workers' dangerous online behaviors, according to a report from Experian and Ponemon Institute.

ACLU seeks to join Microsoft in demanding gov't notify customers of email, cloud storage searches

By

The ACLU petitioned a federal court to join Microsoft's lawsuit to force the U.S. government to notify its customers of email and cloud storage searches.

Update: 117 million LinkedIn email credentials found for sale on the dark web

Update: 117 million LinkedIn email credentials found for sale on the dark web

By

The 2012 LinkedIn data breach may be the breach that just keeps on giving with the news that 117 million customer email credentials originating from that hack were found for sale on the dark web.

APWG report: Phishing surges by 250 percent in Q1 2016

APWG report: Phishing surges by 250 percent in Q1 2016

By

The Anti-Phishing Working Group observed more phishing attacks in the first quarter of 2016 than in any other three-month span since it began tracking data in 2004, according to the anti-cybercrime coalition.

Adobe Flash remains threat as users fail to update, researchers

Adobe Flash remains threat as users fail to update, researchers

By

Although an Adobe update to its Flash program fixed a zero-day vulnerability, attackers are still taking advantage of it as many users have failed to install the patch.

Guccifer reportedly to plead guilty to certain charges; may aid ongoing federal probes

Guccifer reportedly to plead guilty to certain charges; may aid ongoing federal probes

By

The infamous hacker Guccifer, who claims to have infiltrated Hillary Clinton's email servers while she was Secretary of State, will reportedly plead guilty today to at least one of the federal charges for which he was extradited to the U.S.

Variant of Cerber ransomware features bot capabilities that could launch DDoS attacks

Variant of Cerber ransomware features bot capabilities that could launch DDoS attacks

By

Researchers at endpoint security solutions company Invincea have discovered a new variant of Cerber ransomware that could lock out legitimate users, while still allowing attackers to potentially launch DDoS attacks against other networks.

Changing of the TidePool: Operation Ke3chang malware evolves as APT threat reappears

Changing of the TidePool: Operation Ke3chang malware evolves as APT threat reappears

By

Operation Ke3chang, the APT that in 2013 was discovered targeting Europe-based Ministries of Foreign Affairs, not only apparently remains active but also seems to be leveraging a new family of malware called TidePool.

LinkedinGate: industry reacts to

LinkedinGate: industry reacts to

With the news of over 100 million user login credentials being stolen from online professional networking website LinkedIn, the industry offers it's viewpoints on passwords, the GDPR and LinkedIn's choice of encryption.

RECENT COMMENTS

Sign up to our newsletters

FOLLOW US