Email security news & analysis | SC Media

Email Security News and Analysis

2.2 billion emails found in new Collection data dumps

By

The German firm Heise Security has found 2.2 billion email addresses and associated passwords, which it is labeling Collection 2-5, available for free on the web. These credentials were found in data caches similar to the Collection 1 data dump that was exposed in mid-January and found to contain 773 million unique emails amid 600GB…

Modlishka pen testing tool could be used for real attacks

By

A Polish cybersecurity researcher has released an automated tool designed for pen testers that has the ability intercept data in real-time and even swipe 2FA credentials, a move that has some in the industry concerned that it could be used for nefarious purposes. Piotr Duszyński last week released the open-source tool, named Modlishka which means…

DePaul University group email exposes employees’ info

By

A group email recently sent by DePaul University reportedly exposed the names and email addresses of 656 employees who had completed the school’s wellness program. According to Crain’s Chicago Business, the Chicago-based private university sent congratulatory emails to faculty members last Dec. 14, but neglected to use the “blind copy” feature. Consequently, recipients’ names and…

FBI looks into hoaxer texting GOP lawmakers

By

The FBI is reportedly investigating several incidents where someone impersonating Vice President Mike Pence’s press secretary is sending text messages to Republican lawmakers. The Wall Street Journal reported the texts purportedly came from Press Secretary Alyssa Farah and asked the whereabouts of certain GOP members. Rep. Adam Kinzinger, R-Ill., has received several of the messages…

Amnesty International phishing attack may have bypassed 2FA

By

Amnesty International reported on two phishing attacks it recently endured, possibly carried out by the same attacker (or attackers), on human rights defenders (HRD) like itself, and also journalists, particularly in the Middle East and North Africa. “What makes these campaigns especially troubling is the lengths to which they go to subvert the digital security…

Vermont, Dallas medical facilities suffer email account breaches

By

In separate incidents, two U.S. health care facilities have publicly disclosed data breaches that resulted from the unauthorized access of an employee’s email. Yesterday, the University of Vermont Health Network – Elizabethtown Community Hospital (ECH) acknowledged that an unauthorized individual remotely accessed an employee’s email account on Oct. 9. This account contained the personal information of…

Save the Children loses $1 million to BEC scam

By

Save the Children was hit last year with a business email compromise scam that cost the charity $1 million. The cyberattacker gained access to an employee’s email account and then posing as an employee created fake invoices and supporting material to convince the organization to send almost $1 million to a fake charity in Japan,…

Report: ‘Trump’ most common spam term during run-up to elections

By

The president himself may not be up for election in 2018, yet “Trump” is the most common term used in election-themed spam campaigns, according to a new report from Proofpoint.  Starting Sept. 27, Proofpoint researchers searched its spam filters for subject lines and email bodies containing various political terms, candidates and power players. In a…

BEC fraud burgeoning despite training

Business email compromises (BEC) — commonly referred to as CEO Fraud because the CEO’s identity is being impersonated — continues to grow and, more significantly, succeed due to the simplicity and urgency of the attacks, according to recent study from Barracuda of some 3,000 attacks. The study, published today, notes that of the 3,000 attacks…

Next post in Email Security