Is it possible for an attacker to change an email-attachment of a received email client-side and synchronize it via IMAP with Webmailer?

an attacker manipulated the IBAN of an invoice.pdf attached to a received email. The question remains, can said attacker manipulate/change such a pdf client-side and cause an IMAP synchronization with the webmailer provided by a hoster?
I … Continue reading Is it possible for an attacker to change an email-attachment of a received email client-side and synchronize it via IMAP with Webmailer?

What does the IMAP banner alone show regarding security (STARTTLS, hashing, information disclosure)?

I encountered an open TCP/143 IMAP port which responded with this banner:
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.

From this I … Continue reading What does the IMAP banner alone show regarding security (STARTTLS, hashing, information disclosure)?

Gift Card Gang Extracts Cash From 100k Inboxes Daily

Some of the most successful and lucrative online scams employ a “low-and-slow” approach — avoiding detection or interference from researchers and law enforcement agencies by stealing small bits of cash from many people over an extended period. Here’s the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. Continue reading Gift Card Gang Extracts Cash From 100k Inboxes Daily