Email Security | SC Media

Email Security

Humble Bundle breach could be first step in wider attack

By

Sometimes a basic data breach is just the first step in a larger campaign. That appears to be the case with the gaming subscription site Humble Bundle, which began informing its customers of a data breach that may have exposed a person’s subscription status, Malwarebytes reported. While on the outside this appears to be a…

Brazil (3)

Brazilian-made bank trojan use spreading

By

When it comes to banking trojans Brazil is not only a leading manufacturer, but most often its residents bear the brunt of these attacks, however, Cybereason has found the same malware normally used to attack this South American country has spread worldwide. The malware was found by Cybereason is being used against banks in more…

Phishing extortion campaign using new, more effective methods

By

Kaspersky Labs researchers have noticed a recent switch in tactics by malicious actor’s intent on conducting blackmail operations. The primary scare tactic in these phishing operations is to tell the recipient the extortionist has embarrassing or damaging evidence against the target with a demand to pay a set amount in order for the malicious actor…

Report: ‘Trump’ most common spam term during run-up to elections

By

The president himself may not be up for election in 2018, yet “Trump” is the most common term used in election-themed spam campaigns, according to a new report from Proofpoint.  Starting Sept. 27, Proofpoint researchers searched its spam filters for subject lines and email bodies containing various political terms, candidates and power players. In a…

Assurance on the shore: Brick Township Public Schools and SonicWALL

Chicago, Galloway Township (N.J.) schools hit with cyberattacks

By

A pair of U.S. school districts were hit with two very different, but still damaging, cyberattacks in the last week. A former Chicago Public School employee was arrested for stealing the PII on 80,000 district workers, while Gallow, N.J., the district lost $200,000 due to a wire fraud scam. In the Windy City incident, Kristi…

Tor network remains unsure how feds discovered and shut down Silk Road 2.0

Sextortion plot uses public breach data to trick victims into thinking they were hacked

By

A pair of new research reports are providing details on an ongoing “sextortion” scam in which malicious actors use publicly available lists of breached email addresses and passwords to contact victims and then blackmail them with false claims that they were caught viewing pornographic materials. Researchers have identified at least two distinct campaigns involving these…

Expanding attack surfaces and difficulties obtaining the right people worry NCSA panelists

By

What keeps cybersecurity and business executives awake at night is the ever-increasing attack surface they must deal with every morning when they wake up. This factoid was revealed in a brief poll conducted during a panel session on cyber warfare at the “Securing Our Critical Infrastructure” conference, a National Cyber Security Alliance (NCSA) and NASDAQ Cybersecurity…

BEC attack scams Texas school district out of $600,000

By

The Henderson, Texas school district was hit with a business email compromise (BEC) attack resulting in a $600,000 loss for the district. Only a few details on the attack have been issued by district officials. What has been made public is that on September 26 the district issued an electronic payment of $609,615.24 to RPR…

CIO: Strayer U’s cybersecurity investments enable digital innovation for students, faculty

By

The higher learning institution Strayer University is giving its students, faculty and employees an education in cybersecurity, with investments in identity and access technology (IAM), risk management assessments, and anti-phishing training. These initiatives have given the university a secure foundation upon which to introduce numerous innovative digital offerings to its student body, according to Sabrina…

VMware, Apache, Mozilla push out patches

By

A series of patches and updates were issued by VMware, Mozilla and Apache to patch critical and moderately rated vulnerabilities. VMware’s Workspace ONE Unified Endpoint Management Console (AirWatch Console) was updated to resolve a critically rated SAML authentication bypass vulnerability (CVE-2018-6979). If exploited a malicious actor could impersonate an authorized SAML session if certificate-based authentication…

Next post in News