Email Security News, Articles and Updates

Defense Dept. blocks 36M malicious emails daily, fends off 600 Gbps DDoS attacks

The agency also has thwarted distributed denial of service (DDoS) attacks as large as 600 Gbps and expects those attacks to grow to a terabyte or more.

Defense Dept. warns staffers against using personal email for official business

Personal or other non-official email accounts can only be used to conduct official government business in "rare and extraordinary circumstances," according to a memo issued by Deputy Defense Secretary Patrick Shanahan.

Gov't agencies adopting DMARC more quickly, but still have a ways to go

Research from Agari Analytics shows strong momentum for complying with the directive - adoption increased 38 percent increase between Nov. 18 and Dec. 18.

Louisiana man busted in 'Nigerian prince' scam

The investigation is ongoing and is expected to reach beyond the U.S. borders, according to a release from the police department.

State Dept. releases Abedin emails found on Weiner laptop

The discovery of the emails on disgraced Congressman Anthony Weiner's computer prompted former FBI Director James Comey to renew a probe of Hillary Clinton's email.

Australian loses $1 million in 'catphish' whaling scam

A London court heard a case earlier this month in which one of Australia's richest people tried to recover $1 million scammed from him in a convoluted ruse that combined traditional phishing with the "Catfish" online phenomenon preying on lonely people looking for love.

Irish Zoo scammed, nearly $600,000 stolen

Most humans have a soft spot for animals. Cybercriminals are another breed obviously, as evidenced by the Dublin Zoo's computer system getting breached so that payments due it were electronically redirected to a criminal's account.

Email scam using Xero invoice as bait detected

A large email scam centered on a fake Xero invoice was detected by the firm Mailguard, the second such campaign using the popular cloud-based accounting software this month.

Fancy Bear campaign targets 200 journalists

About 200 journalists have been targeted by the Russian cybergang Fancy Bear over the last two years with the group releasing personal information as part of a grander scheme to hinder Hilary Clinton's presidential election campaign.

Washington, D.C. police computers used by two Romanians to operate ransomware campaign

The U.S. Secret Service has filed a complaint against two Romanian nationals for compromising more than 100 Washington, DC police computers that helped operate the city's camera surveillance network in order to spread ransomware.

Necurs rides 12 million email campaign move up Most Wanted Malware list

The use of the Necurs botnet to spread Scarab ransomware over the Thanksgiving holiday helped propel Necurs up several places on Check Point's Ten Most Wanted Malware list for November.

N.C.'s Mecklenberg County CIO details recent ransomware attack

Mecklenberg County officials reported additional progress restoring its systems following a ransomware attack earlier this month.

File Spider ransomware hitting Balkan nations

A malspam campaign targeting several Balkan countries is distributing a new ransomware called file Spider that threatens to delete a victim's files if the ransom is not paid within 96 hours.

MailSploit bugs let spoofed emails bypass DMARC, spam detectors

The spoofed emails are "virtually unstoppable," said the researcher who discovered the MailSploit vulnerabilities.

Anne Arundel school workers phished, lose paychecks

Cybercriminals used what was most likely a phishing attack to redirect the direct deposited pay checks of 36 Ann Arundel County school employees stealing about $57,000.

APT28's latest Word doc attack eliminates needing to enable macros

The threat group APT28/Fancy Bear has is now using a little used technique in Microsoft Office that enables it to executive arbitrary code using a Word document, but without requiring macros being enabled.

Swiss phishing scam aims to download Retefe banking trojan

The details of a phishing campaign currently being run in Switzerland that uses a tax dodge to entice its victims to open an attached file which will then download the Retefe banking trojan have been released by PhishMe.

Cambridge Analytica CEO approached Assange about publishing missing Clinton emails

Julian Assange verified that he was contacted by Cambridge Analytica but said he rebuffed the offer.

DHS, FBI issue warning and details concerning on-going ICS attacks on power, aviation sectors

The Department of Homeland Security (DHS) and the FBI issued a joint alert concerning an advanced persistent threat targeting the government and organizations in the energy, nuclear, water and manufacturing sectors.

Study: 18% of fed agencies embrace DMARC yet 25% of email fraudulent, unauthenticated

Of the 18 percent of agencies that do have DMARC in play, only half are maximizing the benefits of the standard by quarantining or rejecting unauthenticated email to prevent domain name spoofing.

Office 365 joke: KnockKnock, Who's there? Botnet malware

Microsoft's already battered Office 365 is once again being targeted, this time by KnockKnock, a botnet attack designed to specifically victimize the office productivity software suite.

Google introduces Advanced Protection cybersecurity program

Google is rolling out a new three-step cybersecurity plan designed to give extra protection to those most in need.

Spammed in 30 minutes or less: Domino's Australia warns of email campaign, third-party breach

Domino's Pizza Australia has disclosed that a data breach at one of its third-party suppliers may have resulted in a spam campaign aimed at customers of the restaurant and food delivery chain.

DHS will order agencies to adopt DMARC, https

DHS Acting Secretary Elaine Duke, will release a binding order requiring agencies to comply with DMARC plan within 30 days and https within 120 days.

Malicious Chrome extension mines Monero, hijacks Gmail and Facebook accounts

A new and very ambitious malicious Chrome extension called Ldi has been uncovered, one that injects the Coinhive cryptocurrency miner into the target computer, accesses the victim's Gmail and Facebook accounts and registers newly created domains in that person's name.

Former Congressional IT pro Awan wiped phone before FBI arrest

Imran Awan wiped his iPhone just hours before the FBI arrested him at Dulles Airport as he waited to board a flight to Pakistan.

Top 5 anti-phishing training programs

With phishing and business email compromise-style attacks the primary methods used by cybercriminals to gain access to an organization, it is imperative that employees be taught what to look out for when going through their email. So SC Media asked some top cybersecurity executives for their best training tips.