HPE Says Russian Government Hackers Had Access to Emails for 6 Months

HPE told the SEC that Russian state-sponsored threat group Midnight Blizzard had access to an email system for several months.
The post HPE Says Russian Government Hackers Had Access to Emails for 6 Months appeared first on SecurityWeek.
Continue reading HPE Says Russian Government Hackers Had Access to Emails for 6 Months

Organizations need to switch gears in their approach to email security

Email security risks remain high with 94% of organizations experiencing incidents in the past 12 months, according to Egress. Inbound email incidents primarily took the form of malicious URLs, attacks sent from a compromised account, and malware or ran… Continue reading Organizations need to switch gears in their approach to email security

Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More

The Androxgh0st malware botnet is used for victim identification and exploitation in targeted networks, as well as credentials collection. Read the FBI/CISA’s tips for protecting against this malware threat. Continue reading Androxgh0st Malware Botnet Steals AWS, Microsoft Credentials and More

Flipping the BEC funnel: Phishing in the age of GenAI

For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written) email and fire it out to thousands of recipients in the hope that a few might take the bait. Over time, however, as spa… Continue reading Flipping the BEC funnel: Phishing in the age of GenAI

Social engineer reveals effective tricks for real-world intrusions

In this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for gathering target information. Street explores the overlooked threat of ph… Continue reading Social engineer reveals effective tricks for real-world intrusions

Uncovering the hidden dangers of email-based attacks

Email-based attacks have evolved beyond traditional spam and phishing attempts. Cybercriminals now employ sophisticated tactics such as spear-phishing, whaling, and business email compromise (BEC), posing a significant threat to businesses of all sizes… Continue reading Uncovering the hidden dangers of email-based attacks

Mimecast Acquires User Education Startup Elevate Security 

Elevate Security raised $18.3 million in venture capital financing and scored investments from the likes of Cisco and CrowdStrike.
The post Mimecast Acquires User Education Startup Elevate Security  appeared first on SecurityWeek.
Continue reading Mimecast Acquires User Education Startup Elevate Security 

Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day

Chinese hackers exploited a zero-day tracked as CVE-2023-7102 to deliver malware to Barracuda Email Security Gateway (ESG) appliances.
The post Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day appeared first on Se… Continue reading Chinese Hackers Deliver Malware to Barracuda Email Security Appliances via New Zero-Day

SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols

A new attack technique named SMTP Smuggling can allow malicious actors to send out spoofed emails that bypass authentication mechanisms.
The post SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols appeared first on SecurityWeek.
Continue reading SMTP Smuggling Allows Spoofed Emails to Bypass Authentication Protocols