Email Security
Email Security | News, how-tos, features, reviews, and videos
Attackers switch to self-extracting password-protected archives to distribute email malware
This variation on an old technique does not require the victim to provide a password to execute the malware.
Sophisticated BEC scammers bypass Microsoft 365 multi-factor authentication
Analysis of the BEC campaign reveal weaknesses in Microsoft's authentication system.
Why business email compromise still tops ransomware for total losses
Losses from business email compromise (BEC) scams are about 50 times greater than those caused by ransomware. Here's why BEC is favored by cybercriminals.
Ransomware, email compromise are top security threats, but deepfakes increase
While ransomware and business email compromise are leading causes of cybersecurity threats, geopolitics and deepfakes play an increasing role, according to reports from VMware and Palo Alto.
How Salvation Army Australia’s CISO moved away from ‘extreme risk’
The Salvation Army Australia had started its move towards cyberresilience before hiring Lachlan McGill, which helped him make cybersecurity and SOC investments a dialogue, not a plea.
Attacks using Office macros decline in wake of Microsoft action
Researchers see 66% decline in attacks over eight months since Microsoft turned off macros by default.
Office 365 phishing campaign that can bypass MFA targets 10,000 organizations
The phishing web pages that this adversary-in-the-middle phishing campaign uses act as a proxy and pull content from the legitimate Office 365 login page.
Cisco reports vulnerabilities in products including email and web manager
New vulnerabilities found in Cisco internal testing allow remote access and scripting that could lead to the loss of sensitive user data.
A formula for measuring real-world email security efficacy
You have the data needed to assess the efficacy of your email security tools. Here's how to use it.
Microsoft help files repurposed to contain Vidar malware in new campaign
A new email malware campaign hides a malicious payload in what appears to be a Microsoft Compiled HTML Help file.
Cloudflare unveils email security tools, free WAF ruleset, and API gateway
Cloudflare has announced a slew of new products, including a suite of email security tools for phishing and malware detection, a free WAF ruleset and a machine-learning powered API gateway.
INTERPOL and Nigerian Police bust business email compromise ring, arrest 11
Operation Falcon II focused on malware skills and knowledge to track suspects thought to be members of the SilverTerrier BEC network that has harmed thousands of companies globally.
9 cloud and on-premises email security suites compared
These email security suites have evolved to keep pace with email-enabled threats.
Microsoft Exchange Emergency Mitigation: What admins need to know
The Emergency Mitigation service adds protections to Exchange Server in the wake of recent zero-day compromises.
4 steps to protect the C-suite from business email compromise attacks
Preventing top executives from becoming BEC victims requires a different approach. Putting the risk in business terms is key.
Exchange Autodiscover feature can cause Outlook to leak credentials
A design issue in the Microsoft Exchange Autodiscover feature can cause Outlook and other third-party Exchange client applications to leak plaintext Windows domain credentials to external servers. Here’s what companies can do now to...
Unpatched Exchange Servers an overlooked risk
Attackers are targeting older, unpatched Microsoft Exchange Servers with much success because organizations don't properly assess the risk.
Business email compromise (BEC) attacks take phishing to the next level
Business email compromise (BEC) is a highly targeted, email-based attack that tricks victims into exposing company information, handing over money, or getting them to perform other acts that negatively impact the business.