A vulnerability affecting GnuPG has made some of the widely used email encryption software vulnerable to digital signature spoofing for many years. The list of affected programs includes Enigmail and GPGTools. About the vulnerability (CVE-2018-12020) CVE-2018-12020, dubbed “SigSpoof” by Marcus Brinkmann, the researcher who found it, arises from “weak design choices.” “The signature verification routine…

88.8 percent of the root domains operated by top colleges and universities in the United States are putting their students, staff and other recipients at risk for phishing attacks that spoof the institution’s domain, according to 250ok. Phishing and spoofing attacks against consumers are likely when companies do not have a published Sender Policy Framework…

Nigerian scammers are targeting Fortune 500 companies, and have already stolen millions of dollars from some of them, IBM Security researchers have found. Their strategy is well known: they take over or impersonate a trusted user’s email account to target companies that conduct international wire transfers, and trick accounts payable personnel into wiring money into…

A man who accessed over 1,000 email accounts maintained by a New York City-area university to download inappropriate photos and videos was sentenced to 6 months in prison this week. The man, Jonathan Powell, 30, of Phoenix, Arizona, pled guilty to the charges on August 9, 2017, in Manhattan federal court before United States…

The employees of insurance companies and non-profit organizations are most likely to fall for phishing attacks, according to a study conducted by security awareness training firm KnowBe4. KnowBe4’s study is based on data collected from six million users across 11,000 organizations. The company has tested users at three stages: before any awareness training, after 90…

Facebook announced on Wednesday the introduction of a new security feature designed to help users check if the emails they receive are legitimate or if they have been sent by cybercriminals. When it detects a suspicious login attempt or a password change, Facebook notifies users by sending them an email from the Facebookmail.com domain. Cybercriminals…

Fox-IT, the Netherlands-based cybersecurity firm owned by NCC Group, revealed on Thursday that it had been the victim of a man-in-the-middle (MitM) attack made possible by DNS records getting changed at its third-party domain registrar. The incident took place back in September and Fox-IT decided to disclose it now after conducting a detailed analysis. A…

A new phishing campaign has been spotted hitting LinkedIn users via direct messages and the LinkedIn InMail feature. They are sent from legitimate LinkedIn Premium accounts that have been hijacked by the phishers, thus increasing the likelihood that recipients will trust the message and click on the link. The messages/emails say that the sender has…

Britain’s parliament shut down external access to e-mail accounts on Saturday following a cyberattack. Parliamentary authorities described the attack as “sustained and determined”, in an email sent to lawmakers and published by the Daily Telegraph. “Earlier this morning we discovered unusual activity and evidence of an attempted cyberattack on our computer network,” it read. “Closer…

The vast majority (82 percent) of users open email attachments if they appear to be from a known contact, despite the prevalence of well-known sophisticated social engineering attacks, according to Glasswall. Of these respondents, 44 percent open these email attachments consistently every time they receive one, leaving organizations vulnerable to data breaches sourced to malicious…