Email security news & analysis | SC Media

Email Security News and Analysis

emailenvelopeicons_1216035

Exim vulnerability being exploited in the wild

Just one week after a previously patched vulnerability in Exim mail servers was disclosed by Qualys, attackers have begun searching out vulnerable Exim systems prompting the Cybersecurity and Infrastructure Security Agency (CISA) to encourage users to update their systems to the latest version. CISA reported the vulnerability CVE-2019-10149 was detected in exploits in the wild…

emailenvelopeicons_1216035

500,000 email servers running vulnerable Exim software

Qualys researchers went public with a remote command execution vulnerability (CVE-2019-10149) in the Exim mail server versions 4.87 to 4.91 possibly affecting more than half of all email servers now in use. The vulnerability allows a local, or in some cases, a remote attacker to execv as root, with no memory corruption or return-oriented programming…

election hacking

Controversy over which DMARC setting will best protect the 2020 presidential campaigns

A pair of email security firms are taking opposing positions on whether or not the 2020 presidential candidates are using secure email systems within their campaigns even though many of the candidates are using DMARC. Valimail and Agari have each issued report cards to show if the Democratic Party hopefuls learned a learned a lesson…

FBI fielded roughly $2.7 billion worth of Internet crime complaints in 2018

The FBI’s Internet Crime Complaint Center (IC3) received nearly 352,000 complaints related to cybercrime activity that collectively was responsible for $2.7 billion in losses, according to the agency’s 2018 Internet Crime Report. The three most commonly reported internet crimes last year were non-payment/non-delivery scams (i.e. the scammer never pays for or never ships ordered merchandise),…

Fake U.S. State Dept. docs used in European embassy cyberattacks

Cyberattackers, possibly Russian, recently struck numerous embassies in Europe with a malicious email attachment that uses a weaponized version of the TeamViewer remote desktop tool to gain control of the target computer. Check Point researchers reported that the attack is well structured, yet somewhat sloppy, but in the end potentially quite dangerous. The attack begin…

Facebook says it ‘unintentionally’ harvested 1.5M users’ email contacts via verification feature

Facebook has once again stoked controversy after the social media giant reportedly owned up to “unintentionally” collecting the email contacts of 1.5 million users without their consent. Business Insider revealed the company’s latest data mismanagement gaffe in an April 17 news report, after its staff members created a fake account and entered an email password…

Microsoft web mail services breached after support agent’s credentials are compromised

Hackers reportedly compromised a Microsoft Corp. support agent’s credentials, allowing them to gain unauthorized access to the company’s various web-based email services, including Outlook, MSN and Hotmail, for at least three months in 2019. This breach exposed not only information pertaining to certain customers’ email accounts, but also in some cases the content of the…

Next post in Email Security