Email Security News, Articles and Updates

Study: 18% of fed agencies embrace DMARC yet 25% of email fraudulent, unauthenticated

Of the 18 percent of agencies that do have DMARC in play, only half are maximizing the benefits of the standard by quarantining or rejecting unauthenticated email to prevent domain name spoofing.

Office 365 joke: KnockKnock, Who's there? Botnet malware

Microsoft's already battered Office 365 is once again being targeted, this time by KnockKnock, a botnet attack designed to specifically victimize the office productivity software suite.

Google introduces Advanced Protection cybersecurity program

Google is rolling out a new three-step cybersecurity plan designed to give extra protection to those most in need.

Spammed in 30 minutes or less: Domino's Australia warns of email campaign, third-party breach

Domino's Pizza Australia has disclosed that a data breach at one of its third-party suppliers may have resulted in a spam campaign aimed at customers of the restaurant and food delivery chain.

DHS will order agencies to adopt DMARC, https

DHS Acting Secretary Elaine Duke, will release a binding order requiring agencies to comply with DMARC plan within 30 days and https within 120 days.

Malicious Chrome extension mines Monero, hijacks Gmail and Facebook accounts

A new and very ambitious malicious Chrome extension called Ldi has been uncovered, one that injects the Coinhive cryptocurrency miner into the target computer, accesses the victim's Gmail and Facebook accounts and registers newly created domains in that person's name.

Former Congressional IT pro Awan wiped phone before FBI arrest

Imran Awan wiped his iPhone just hours before the FBI arrested him at Dulles Airport as he waited to board a flight to Pakistan.

Top 5 anti-phishing training programs

With phishing and business email compromise-style attacks the primary methods used by cybercriminals to gain access to an organization, it is imperative that employees be taught what to look out for when going through their email. So SC Media asked some top cybersecurity executives for their best training tips.

Job seekers, freelance journalists targeted in Atlantic Magazine scam

Freelance writers were the targets of a phishing scam when they received emails purportedly from editors at The Atlantic offering non-existent jobs.

6,000 Atlanta Public School employees possibly compromised

Federal investigators have warned the Atlanta Public School system that all 6,000 of its employees may have had their personal information compromised due to a phishing scam.

Graton Casino and Resort accidentally emails customer PII

Patrons of the Graton Casino and Resort may have lost more than just their money as the business has started notifying customers that some of their personally identifiable information may have been compromised.

New Jersey email admin charged with accessing former company's account

A New Jersey man was arrested for placing and using a hidden sub-user account in his former company's email system, allowing him to enter and remove emails without authorization.

Bannon, Priebus among additional Trump staffers found using personal email

In the wake of the revelation that presidential advisor Jared Kushner used a private email account during the early portion of the Trump administration, reports have been published citing five additional White House staffers with the same activity.

Report: Jared Kushner, White House officials have communicated using personal email accounts

Presidential senior adviser Jared Kushner has reportedly communicated with members of the Trump administration using a private email account, despite President Donald Trump's past criticisms of Hillary Clinton for doing the same thing as Secretary of State.

LinkedIn Premium accounts being used in phishing scam

LinkedIn and Wells Fargo have found themselves once again at the center of a cyber issue, but this time hackers are using the business-oriented social media site to send phishing InMails posing as a Wells Fargo messages.

Major malspam campaign pushing Locky ransomware via spoofed internal email addresses

A large malspam campaign using spoofed email addresses has attempted to infect recipients with ransomware in roughly 20 million detected attacks since Tuesday, researchers from Barracuda Networks have reported.

American Pacific Mortgage files lawsuit against insurer to reclaim losses due to BEC attack

American Pacific Mortgage (APM) has filed a breach of contract suit against Aspen Specialty Insurance Company disputing the latter's decision to not cover losses incurred from a business email compromise attack.

Defray Ransomware demands $5,000, then suggests victims backup their data

A just-documented ransomware strain called Defray is making some minor inroads by targeting firms in the healthcare, education, manufacturing and technology fields, that contains a ransom note that taunts the victim's IT department.

SyncCrypt ransomware able to sneak past most antivirus defenses

A new ransomware called SyncCrypt is using a unique method of downloading the malicious files that makes it very hard for an antivirus program to detect.

Google rolling out Gmail anti-phishing feature to iOS devices

Three months after introducing anti-phishing security checks in Gmail for Android products, Google has extended this feature to iOS devices as well.

Almost 900 Bloomberg terminal chat room users doxxed

More than 800 Wall Street workers using an anonymous Bloomberg business terminal chat room were doxxed when an email containing their names and email addresses was sent to the chat room participants.

IRS: Phishing scam aims to deceive accountants with fake tax software updates

The Internal Revenue Service is warning of an email-based phishing scam that impersonates tax software providers, in order to trick professional accountants into giving away their log-in credentials for these services.