Google’s Threat Analysis Group (TAG) revealed on Thursday that a Zimbra Collaboration Suite zero-day was exploited earlier this year to steal email data from government organizations in several countries. The existence of the vulnerability, tracked as CVE-2023-37580, became public in mid-July, when Zimbra notified customers of its email server solution. The flaw, described as a ..
Tag : Email Security
Enterprise security vendor Proofpoint on Monday announced plans to acquire email security specialists Tessian to beef up its ability to spot and block risky user behaviors, including misdirected email and data exfiltration. Financial terms of the deal were not disclosed. Tessian, a British startup that sells cloud email security software, was last valued at $500 ..
A recently identified phishing campaign is relying on LinkedIn smart links to bypass email defenses and deliver malicious lures into Microsoft users’ inboxes, email security firm Cofense reports. A legitimate feature connected to LinkedIn’s Sales Navigator services, smart links allow businesses to promote websites and advertisements, redirecting users to specific domains. Threat actors, however, are ..
Google and Yahoo on Tuesday announced a series of new requirements meant to improve email phishing and spam protections for their users. Starting with the first quarter of next year, both email service providers will require that bulk senders first authenticate their emails using industry best practices, which should improve users’ trust in the source ..
The existence of several unpatched vulnerabilities impacting Exim mail transfer agent (MTA) installations was disclosed last week, more than one year after they were initially reported to developers. Trend Micro’s Zero Day Initiative (ZDI) learned about six Exim vulnerabilities last year and reported the findings to the MTA software’s developers in June 2022. However, Exim ..
Email has been around a long time. My early days of remote communication started in the “You’ve got mail” era, with AOL dominating the US market share of dial up internet as well as email. Other free email services emerged, and companies looking to expand globally saw email as a cheaper and quicker communication tool ..
Threat actors have exploited a Salesforce zero-day vulnerability and abused Meta features in a sophisticated phishing campaign, according to web browsing security company Guardio. Attackers sent out legitimate-looking emails designed to lure targeted users to a phishing page where they were instructed to hand over their Facebook account information, including their name, account name, email ..
Researchers at cloud security startup Wiz have an urgent warning for organizations running Microsoft’s M365 platform: That stolen Microsoft Azure AD enterprise signing key gave Chinese hackers access to data beyond Exchange Online and Outlook.com. “Our researchers concluded that the compromised MSA key could have allowed the threat actor to forge access tokens for multiple ..
SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present ..
Microsoft reported on Tuesday that a Chinese cyberespionage group it tracks as Storm-0558 was recently spotted using forged authentication tokens to hack government email accounts. According to the tech giant, the hackers gained access to the email accounts of roughly 25 organizations, including government agencies and consumer accounts belonging to individuals associated with the targeted ..