Email security news & analysis | SC Media

Email Security News and Analysis

Facebook says it ‘unintentionally’ harvested 1.5M users’ email contacts via verification feature

By

Facebook has once again stoked controversy after the social media giant reportedly owned up to “unintentionally” collecting the email contacts of 1.5 million users without their consent. Business Insider revealed the company’s latest data mismanagement gaffe in an April 17 news report, after its staff members created a fake account and entered an email password…

Microsoft web mail services breached after support agent’s credentials are compromised

By

Hackers reportedly compromised a Microsoft Corp. support agent’s credentials, allowing them to gain unauthorized access to the company’s various web-based email services, including Outlook, MSN and Hotmail, for at least three months in 2019. This breach exposed not only information pertaining to certain customers’ email accounts, but also in some cases the content of the…

Stolen email credentials being used to pry into cloud accounts

By

Malicious actors are using the massive supply of previously stolen login credentials to help brute force their way into high-profile cloud-based business systems that cannot easily use two-factor authentication for security. Proofpoint researchers found the availability of these tools has powered a massive increase in the number of cloud attacks taking place which in turn…

Spear phishing

Threat group Bitter expands target list

By

The Southeast Asian threat group Bitter that has been active since 2015 has expanded its activities and has now targeted Pakistani and Saudi Arabia with three variants of the AstraDownloader to inject the RAT BitterRAT into various organizations. The attacks on Saudi Arabia and Pakistan began in September and continued into early 2019, according to…

2.2 billion emails found in new Collection data dumps

By

The German firm Heise Security has found 2.2 billion email addresses and associated passwords, which it is labeling Collection 2-5, available for free on the web. These credentials were found in data caches similar to the Collection 1 data dump that was exposed in mid-January and found to contain 773 million unique emails amid 600GB…

Modlishka pen testing tool could be used for real attacks

By

A Polish cybersecurity researcher has released an automated tool designed for pen testers that has the ability intercept data in real-time and even swipe 2FA credentials, a move that has some in the industry concerned that it could be used for nefarious purposes. Piotr Duszyński last week released the open-source tool, named Modlishka which means…

DePaul University group email exposes employees’ info

By

A group email recently sent by DePaul University reportedly exposed the names and email addresses of 656 employees who had completed the school’s wellness program. According to Crain’s Chicago Business, the Chicago-based private university sent congratulatory emails to faculty members last Dec. 14, but neglected to use the “blind copy” feature. Consequently, recipients’ names and…

FBI looks into hoaxer texting GOP lawmakers

By

The FBI is reportedly investigating several incidents where someone impersonating Vice President Mike Pence’s press secretary is sending text messages to Republican lawmakers. The Wall Street Journal reported the texts purportedly came from Press Secretary Alyssa Farah and asked the whereabouts of certain GOP members. Rep. Adam Kinzinger, R-Ill., has received several of the messages…

Amnesty International phishing attack may have bypassed 2FA

By

Amnesty International reported on two phishing attacks it recently endured, possibly carried out by the same attacker (or attackers), on human rights defenders (HRD) like itself, and also journalists, particularly in the Middle East and North Africa. “What makes these campaigns especially troubling is the lengths to which they go to subvert the digital security…

Next post in Security News