Six Months in Jail for University Email Hacker
A man who accessed over 1,000 email accounts maintained by a New York City-area university to download in appropriate photos and videos was sentenced to 6 months in prison this week. The man, Jonathan Powell, 30, of Phoenix, Arizona, pled guilty to the charges on August 9, 2017, in Manhattan federal court before United States…
Insurers, Nonprofits Most Likely to Fall for Phishing: Study
The employees of insurance companies and non-profit organizations are most likely to fall for phishing attacks, according to a study conducted by security awareness training firm KnowBe4. KnowBe4’s study is based on data collected from six million users across 11,000 organizations. The company has tested users at three stages: before any awareness training, after 90…
Facebook Launches New Anti-Phishing Feature
Facebook announced on Wednesday the introduction of a new security feature designed to help users check if the emails they receive are legitimate or if they have been sent by cybercriminals. When it detects a suspicious login attempt or a password change, Facebook notifies users by sending them an email from the Facebookmail.com domain. Cybercriminals…
Hackers Target Security Firm Fox-IT
Fox-IT, the Netherlands-based cybersecurity firm owned by NCC Group, revealed on Thursday that it had been the victim of a man-in-the-middle (MitM) attack made possible by DNS records getting changed at its third-party domain registrar. The incident took place back in September and Fox-IT decided to disclose it now after conducting a detailed analysis. A…
Phishers targeting LinkedIn users via hijacked accounts
A new phishing campaign has been spotted hitting LinkedIn users via direct messages and the LinkedIn InMail feature. They are sent from legitimate LinkedIn Premium accounts that have been hijacked by the phishers, thus increasing the likelihood that recipients will trust the message and click on the link. The messages/emails say that the sender has…
UK Parliament Cuts Email Access After Cyberattack
Britain’s parliament shut down external access to e-mail accounts on Saturday following a cyberattack. Parliamentary authorities described the attack as “sustained and determined”, in an email sent to lawmakers and published by the Daily Telegraph. “Earlier this morning we discovered unusual activity and evidence of an attempted cyberattack on our computer network,” it read. “Closer…
Majority of workers blindly open email attachments
The vast majority (82 percent) of users open email attachments if they appear to be from a known contact, despite the prevalence of well-known sophisticated social engineering attacks, according to Glasswall. Of these respondents, 44 percent open these email attachments consistently every time they receive one, leaving organizations vulnerable to data breaches sourced to malicious…
Know your enemy: Defining the new taxonomy of malicious emails
Just as it is the default tool for most businesses, email’s capacity for rapid, mass communication has made it a favourite instrument of criminals. As a result, malicious emails have become a common occurrence in most consumer and business inboxes. Although chances are that most people will correctly identify the most common malicious emails as…
Gmail Delivers Spoofed Messages Without Warning, Researchers Find
Spoofed emails could easily land in user’s Gmail inboxes without even warning them of suspicious activity, security researchers have discovered. While spam is normally used to deliver malicious documents or links to unsuspecting users, spoofed emails have a bigger chance of luring potential victims, because they are likely to click on a link or open…
Critical RCE Flaw Patched in PHPMailer
The developers of PHPMailer have patched a critical vulnerability that can be exploited by a remote attacker for arbitrary code execution, a researcher said on Sunday. With millions of installations, PHPMailer is considered the world’s most popular email creation and transfer class for PHP. It has been used by several major open-source projects, including WordPress,…