How to send spoof emails from domains that have SPF and DKIM protections?

SMTP stands for Simple Mail Transfer Protocol. It’s a protocol used for sending emails across the Internet. SMTP operates on a push model, where the sending server pushes the email to a receiving server or an intermediary mail server. Here are some basic concepts associated with SMTP: Sending and Receiving Servers: SMTP involves at least […]

Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails

Delivery- and shipping-themed email messages are being used to deliver a sophisticated malware loader known as WailingCrab. “The malware itself is split into multiple components, including a loader, injector, downloader and backdoor, and successful requests to C2-controlled servers are often necessary to retrieve the next stage,” IBM X-Force researchers Charlotte Hammond, Ole Villadsen, and Kat […]

Send phishing emails with content font size: 0px to hack into Microsoft Outlook 365 accounts

Threat actors have begun utilizing an innovative approach to zero-point font obfuscation, a pre-existing technique, in an attempt to deceive users of Microsoft Outlook. They do so by creating an illusion that certain phishing emails have been thoroughly scanned and cleared by antivirus programs, thus increasing the chances of these deceptive emails bypassing security protocols. […]

Send spoofed phishing emails to Gmail accounts

Most people use Gmail, which has a total user base of a staggering 1.5 billion people. This represents 18.75% of the total population of the planet. The security mechanisms of Gmail are well-known for their effectiveness in preventing hackers from gaining control of user accounts. Gmail has included a new function that displays an […]

APT28 Targets Ukrainian Government Entities with Fake “Windows Update” Emails

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks perpetrated by Russian nation-state hackers targeting various government bodies in the country. The agency attributed the phishing campaign to APT28, which is also known by the names Fancy Bear, Forest Blizzard, FROZENLAKE, Iron Twilight, Sednit, and Sofacy. The email messages come with […]

New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware

A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spain, the U.S., Russia, France, the U.K., and Morocco. QBot (aka Qakbot or Pinkslipbot) […]

Namecheap Emails Hacked To Send Phishing Email

The email account of domain registrar Namecheap was compromised, which led to a flood of DHL and MetaMask phishing emails that sought to steal the victims’ personal information and cryptocurrency wallets. Reports say the phishing attacks began at 4:30 PM ET and came from SendGrid, a company that Namecheap has previously utilized to send renewal […]

The Evolving Tactics of Vidar Stealer: From Phishing Emails to Social Media

The notorious information-stealer known as Vidar is continuing to leverage popular social media services such as TikTok, Telegram, Steam, and Mastodon as an intermediate command-and-control (C2) server. “When a user creates an account on an online platform, a unique account page that can be accessed by anyone is generated,” AhnLab Security Emergency Response Center (ASEC) […]

3 Techniques that allow phishing emails to bypass Cisco Secure Email Gateway and are being actively used by ransomware gangs

The following techniques have been made public by a researcher who wishes to remain anonymous. They can be used to bypass certain filters of Cisco’s Secure Email Gateway appliance and spread malware using carefully written emails. The researcher acknowledged communicating with the vendor, but said they were unable to get a suitable answer in a timely […]

Don’t open emails from Microsoft Dynamics 365. Threat actors are exploiting its flaws to send phishing emails with legitimate Microsoft links

Microsoft’s Dynamics 365 Customer Voice is software that is primarily used to collect customer feedback. It may be utilized to turn data into actionable insights, track consumer feedback, and conduct polls of client satisfaction. To communicate with victims, hackers are exploiting the Static Expressway. In a nutshell, it’s a method for evading security scanners that […]

Message Encryption (OME) used by Office 365 can easily be broken to read encrypted emails via MiTM

The message encryption system employed by Microsoft in Office 365 has a system vulnerability, according to a warning from the Finnish cybersecurity company WithSecure. According to WithSecure’s alert, the Office 365 Message Encryption (OME) security technique is defective, which makes it possible for the Microsoft 365 security vulnerability to be used to infer message contents. […]

SHARPEXT RAT surreptitiously reads and downloads emails and attachments from infected users’ GMail and AOL accounts

Researchers have discovered never-before-seen malware that North Korean hackers have been using to surreptitiously read and download emails and attachments from the GMail and AOL accounts of infected users. The malware, dubbed SHARPEXT by researchers, uses clever means to install a browser extension for Chrome and Edge browsers, Volexity reported. Email services cannot detect the […]

DigitalOcean Users’ Emails Leaked After Mailchimp Hacking Incident

DigitalOcean has revealed that some of its customers’ emails were exposed to attackers thanks to an attack on the Mailchimp email marketing service. DigitalOcean has reported on its website a security incident suffered due to a security breach caused by its email provider, Mailchimp. On August 8, they discovered that their Mailchimp account had been […]

Attackers Can Crash Cisco Email Security Appliances by Sending Malicious Emails

Cisco has released security updates to contain three vulnerabilities affecting its products, including one high-severity flaw in its Email Security Appliance (ESA) that could result in a denial-of-service (DoS) condition on an affected device. The weakness, assigned the identifier CVE-2022-20653 (CVSS score: 7.5), stems from a case of insufficient error handling in DNS name resolution […]

British telco Virgin Media fined £50k for sending spam emails to more than 400,000 clients who opted-out of marketing emails

Virgin Media could be fined up to £50,000 after British authorities detected the company spammed nearly 500,000 customers, some of whom filed complaints with the Information Commissioner’s Office (ICO) about thousands of unsolicited advertising messages. This marketing campaign was disguised as a communication that was part of Virgin’s newsletter, and would have reached some 451,000 customers […]

Void Balaur – Hacker-for-Hire Group Stealing Emails & Sensitive Data From More Than 3,500 Targets

Cybersecurity researchers at security firm Trend Micro have recently published a very comprehensive insight into a productive hacking group operating as Hacker-for-Hire that has targeted nearly 3500 individuals and corporations to steal their emails and highly sensitive data. This group has been carrying out its attacks since 2015, and after knowing about the attack, the senior researcher Feike Hacquebord […]

Phishing emails with QR codes can be used to hack Office 365 accounts

Cybersecurity specialists from Abnormal Security report the detection of at least 200 malicious emails as part of a phishing campaign targeting Microsoft Office 365 users. Apparently, the primary goal of the attackers was to intercept login credentials. An unusual feature of this campaign is the use of QR codes embedded in the content of the […]

ProxyToken: Critical vulnerabilities in Exchange allow hackers to take control of your business emails

Microsoft has reported the correction of a critical vulnerability in Exchange Server detected at the beginning of 2021 and whose exploitation would have allowed threat actors to establish forwarding rules in the affected accounts, which would eventually allow access to incoming emails. Known as ProxyToken and tracked as CVE-2021-33766, the flaw received a score of […]