Collaborate Disseminate
Twilio SendGrid and Valimail have teamed up to provide customers with Valimail’s DMARC Monitor and Enforce solutions, which will help Twilio SendGrid customers further protect their domains from phishing and impersonation attacks. Valimail is alr… Continue reading Why we’re partnering with Twilio SendGrid for security and deliverability
Cybercriminals are exploiting uncertainty and fear around the COVID-19 pandemic, with phishing emails targeting individuals and institutions — utilizing spoofed identities to evade detection. This is an even bigger concern at a time when most… Continue reading Best practices for email security while employees are WFH
Valimail has been publishing factual research on the state of the email ecosystem for three years now. Our reports are based on our deep, daily analysis of tens of millions of DNS records — in other words, it’s public data; we’re just… Continue reading Election security is too important to ignore
No question about it, ransomware is on the rise, and the majority of enterprises remain vulnerable to inbound phish emails that often are the originators of ransomware attacks.
One recent ransomware outbreak, Petya, appears to have originated in the Ukraine. Like WannaCry before it, once it has infected a computer it attempts to spread through local area networks. But according to the Romanian national CERT (Computer Emergency Readiness Team) Petya’s initial point of entry is often a phishing email that contains a Trojan-horse document which, if opened, will infect the target computer. “Initial infection of systems is achieved through documents attached to phishing email messages that users are urged to open,” according to the Romanian publication Business Review.
To read this article in full or to leave a comment, please click here
Continue reading IDG Contributor Network: How CIOs can avoid the next ransomware attack
Over the past two or three decades the internet has enabled humans to reach far beyond their physical constraints. We log into our company from home, use banking services located thousands of miles away, store our photos who knows where in the cloud… Continue reading IDG Contributor Network: What CIOs need to know about authentication
Here’s a security scenario that’s all too common: A company suffers from a cyberattack, then responds to it promptly and alerts its customers, warning them to change their passwords. But the company remains vulnerable through the very means it uses to alert those customers: Email. In fact, attackers can exploit that vulnerability using email that pretends to be a security warning from the company, targeting customers and wreaking even more damage.
For example, on May 31, popular cloud-based password manager OneLogin announced that it had suffered a serious security breach, and it updated its report the next day with a few more details.
To read this article in full or to leave a comment, please click here
Recent coverage of the latest ransomware and phishing attacks makes one thing clear: You’ve got to keep your operating system up to date. But that recommendation, while important, may not get to the root of the problem.
Making sure you’ve got the latest Windows updates prevents the spread of ransomware such as WannaCry, after it’s already infiltrated your company. But it may not prevent you from getting the malicious code on your computer in the first place.
To read this article in full or to leave a comment, please click here
One feature of today’s cloud-centric landscape is just how many different services may be sending email on your company’s behalf, even when email does not appear to be their primary function.
We call this “shadow email,” because these emails are going out (potentially exposing your company to risk and liability) without any awareness or oversight by the CIO, CSO or IT teams. Like shadow IT, shadow email lurks in the dark corners of your domain.
I’ve worked with dozens of companies to help them discover and manage their shadow email services, and I have yet to encounter a CIO who wasn’t surprised by the sheer volume of cloud services that were sending email on their behalf—sometimes dozens of them.
To read this article in full or to leave a comment, please click here
Continue reading IDG Contributor Network: How CIOs can fight the rise in shadow email
Popularity for the Domain-based Message Authentication, Reporting and Conformance email authentication standard is growing. So why are enterprises still struggling to implement it?
Continue reading The Trouble With DMARC: 4 Serious Stumbling Blocks
Can DMARC do for email security what SSL certificates did for e-commerce? Continue reading Deleting Email’s Original Sin: An Historical Perspective