Email Security News, Articles and Updates

Errant email exposes PII of Chicago Public School systems students

A Chicago Public Schools (CPS) worker accidentally emailed private student information to more than 3,700 families who have students in the system.

MuddyWater trojan campaign adds a few new notes

The malicious actors behind the MuddyWater campaign have given the malware a facelift changing the way the malicious files are executed and altering the social engineering used to entice its victims to open the infected Word document.

HealthEquity breach exposes PII of 23,000 customers

About 23,000 accounts have been compromised by a data breach that took place at HealthEquity when an employee fell for a phishing scam.

Law enforcement operation scoops up 74 BEC scammers

In a wide-ranging operation, six-month-long operation that spanned three continents 74 individuals were arrested for operating a large-scale business email compromise (BEC)scheme.

Dignity Health discloses multiple data breaches to HHS

The San Francisco-based health care facilities operator Dignity Health recently experienced an accidental email breach affecting 55,947 patients, according to a May 31 disclosure form the not-for-profit corporation filed with the U.S. Department of Health and Human Services.

Cambridge Analytica exec met with Assange in 2017 to discuss election, donated cryptocurrency to WikiLeaks

Brittany Kaiser, a director at the data analytics company, told friends she visited Assange on February 17, 2017, and also had donated to the whistleblower site via cryptocurrency.

Hackers hijack SpamCannibal, spam users with false notifications

All queries to the website's blacklist received a positive response so that spam filters believed the IP addresses were blacklisted.

Hacker with Russian intel ties pleads guilty to gmail hacks

23-year-old Canadian citizen Karim Baratov pleaded guilty to federal conspiracy and identity theft in November.

Cobalt shrugs off arrests, resumes cyberattacks on banks

The arrest of several leaders of the Cobalt cybergang, including its leader, has not stopped the group from launching additional attacks with the most recent being tracked late last week.

Scammers using FIFA World Cup as a lure

The FIFA World Cup is set to start in less than two weeks, and just like the Seoul Winter Olympics cybercriminals are lining up to take advantage of fans searching for tickets or deals.

That smarts! 'Brain Food' spam botnet malware found on thousands of websites

A spam campaign called Brain Food has been feeding email recipients a steady diet of junk messages containing links to pages promoting bogus intelligence-boosting supplements and diet pills.

Attempts to terminate new WinstarNssmMiner cryptominer result in computer crash

Computers users infected with the newly observed cryptojacking malware WinstarNssmMiner will be surprised to discover that the nasty malware crashes their machines if they try to terminate the program, making it difficult to remove.

The Oregon Clinic patient PHI exposed via email breach

The Oregon Clinic discovered on March 9 that an unauthorized third party had accessed an email account possibly exposing the personal health information for some of its patients.

New Apple ID phishing operation protects web assets with AES encryption

A recently discovered email phishing campaign was found targeting Apple ID credentials, while using AES encryption to thwart active countermeasures against their malicious website.

Vega Stealer malware targeting marketing, public relations and advertising sectors

Researchers have come across a new ransomware variant named Vega Stealer that is taking special aim at those in the marketing, advertising, public relations and retail/manufacturing industries.

USB drive sniffing K-9 helps capture student hacker

A San Francisco Bay-area student accused of hacking his school's computer system to change grades was captured with the aid of a K-9 unit when its dog was able to sniff out a thumb drive holding incriminating evidence.

Michigan man gets 7 years for hacking jail computer to spring inmate

A Michigan man was sentenced to 87 months behind bars for illegally accessing a county government computer in an attempt to spring a county jail inmate early.

SC Video: Global Cyber Alliance's Phil Reitinger talks DMARC adoption

Phil Reitinger, president and CEO of the Global Cyber Alliance, spoke with SC Media Executive Editor Teri Robinson about DMARC's benefits and its trajectory in both the private and public sectors.

Simple, but not cheap, phishing kit found for sale on Dark Web

Cybercriminals are nothing if not attuned to finding new customers for their wares, as Check Point and CyberInt have come across a next-generation phishing kit for sale on the Dark Web geared toward the neophyte, but discerning, hacker.

Rubella Macro Builder cybercrimeware kit receives lower price, new capabilities

Russian hackers have taken a shine to a new cybercrimeware kit called Rubella Macro Builder that is being touted as fast, cheap and capable of beating a basic antivirus defensive system.

Medical supplier Inogen hit with breach, 30,000 possibly affected

A California-based medical device manufacturer reported that 30,000 former and current customers may have had their personal information exposed when a company employee's email account was compromised.

Pompeo will put resources into cyber at State Dept., agency warns employees of uptick in hacking attempts

Lawmakers asked Mike Pompeo if he would reinstate the agency's cyber coordinator position while the Cyber and Technology Security Directorate warned the departments employees of an upswing in malicious activities by hackers.

Email hoaxes and phishing scams prey off of school violence fears

A Swiss hacking group has reportedly claimed credit for using a hijacked email domain to bombard schools around the U.S. with fake threats of violence. Meanwhile, a credentials phishing campaign is also stoking school shooting fears by impersonating a campus security alert.

Nigerian man pleads guilty to BEC scams, awaits sentencing

Onyekachi Emmanuel Opara and co-conspirator David Chukwuneke Adindu, along with others, ran BEC scams between 2014 to 2016, trying to fleece victims out of millions of dollars.

White House email domains lack protections against spoofing -- report

An analysis of 26 email domains managed by the Executive Office of the President found that all but one of them lack sufficient DMARC protections against spoofing used in phishing and spam campaigns.

Microsoft adds ransomware protection, recovery tools to Office 365

Microsoft has rolled out a series of new tools to protect its Office 365 Home and 365 Personal customers from a variety of cyberthreats, including ransomware.

Information on 6,800 CareFirst members exposed in phishing attack

CareFirst BlueCross BlueShield said one of its employees fell victim to a phishing attack that led to thousands of its members' personal information being exposed.